projects / deliverable / linux.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Bluetooth: AMP: Check for hs_hcon instead of ctrl_id
[deliverable/linux.git] / net / bluetooth / hci_event.c
... / ...
CommitLineData
1/*
2 BlueZ - Bluetooth protocol stack for Linux
3 Copyright (c) 2000-2001, 2010, Code Aurora Forum. All rights reserved.
4
5 Written 2000,2001 by Maxim Krasnyansky <maxk@qualcomm.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI event handling. */
26
27#include <asm/unaligned.h>
28
29#include <net/bluetooth/bluetooth.h>
30#include <net/bluetooth/hci_core.h>
31#include <net/bluetooth/mgmt.h>
32#include <net/bluetooth/a2mp.h>
33#include <net/bluetooth/amp.h>
34
35/* Handle HCI Event packets */
36
37static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
38{
39 __u8 status = *((__u8 *) skb->data);
40
41 BT_DBG("%s status 0x%2.2x", hdev->name, status);
42
43 if (status) {
44 hci_dev_lock(hdev);
45 mgmt_stop_discovery_failed(hdev, status);
46 hci_dev_unlock(hdev);
47 return;
48 }
49
50 clear_bit(HCI_INQUIRY, &hdev->flags);
51
52 hci_dev_lock(hdev);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
54 hci_dev_unlock(hdev);
55
56 hci_req_complete(hdev, HCI_OP_INQUIRY_CANCEL, status);
57
58 hci_conn_check_pending(hdev);
59}
60
61static void hci_cc_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
62{
63 __u8 status = *((__u8 *) skb->data);
64
65 BT_DBG("%s status 0x%2.2x", hdev->name, status);
66
67 if (status)
68 return;
69
70 set_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
71}
72
73static void hci_cc_exit_periodic_inq(struct hci_dev *hdev, struct sk_buff *skb)
74{
75 __u8 status = *((__u8 *) skb->data);
76
77 BT_DBG("%s status 0x%2.2x", hdev->name, status);
78
79 if (status)
80 return;
81
82 clear_bit(HCI_PERIODIC_INQ, &hdev->dev_flags);
83
84 hci_conn_check_pending(hdev);
85}
86
87static void hci_cc_remote_name_req_cancel(struct hci_dev *hdev,
88 struct sk_buff *skb)
89{
90 BT_DBG("%s", hdev->name);
91}
92
93static void hci_cc_role_discovery(struct hci_dev *hdev, struct sk_buff *skb)
94{
95 struct hci_rp_role_discovery *rp = (void *) skb->data;
96 struct hci_conn *conn;
97
98 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
99
100 if (rp->status)
101 return;
102
103 hci_dev_lock(hdev);
104
105 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
106 if (conn) {
107 if (rp->role)
108 conn->link_mode &= ~HCI_LM_MASTER;
109 else
110 conn->link_mode |= HCI_LM_MASTER;
111 }
112
113 hci_dev_unlock(hdev);
114}
115
116static void hci_cc_read_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
117{
118 struct hci_rp_read_link_policy *rp = (void *) skb->data;
119 struct hci_conn *conn;
120
121 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
122
123 if (rp->status)
124 return;
125
126 hci_dev_lock(hdev);
127
128 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
129 if (conn)
130 conn->link_policy = __le16_to_cpu(rp->policy);
131
132 hci_dev_unlock(hdev);
133}
134
135static void hci_cc_write_link_policy(struct hci_dev *hdev, struct sk_buff *skb)
136{
137 struct hci_rp_write_link_policy *rp = (void *) skb->data;
138 struct hci_conn *conn;
139 void *sent;
140
141 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
142
143 if (rp->status)
144 return;
145
146 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LINK_POLICY);
147 if (!sent)
148 return;
149
150 hci_dev_lock(hdev);
151
152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(rp->handle));
153 if (conn)
154 conn->link_policy = get_unaligned_le16(sent + 2);
155
156 hci_dev_unlock(hdev);
157}
158
159static void hci_cc_read_def_link_policy(struct hci_dev *hdev,
160 struct sk_buff *skb)
161{
162 struct hci_rp_read_def_link_policy *rp = (void *) skb->data;
163
164 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
165
166 if (rp->status)
167 return;
168
169 hdev->link_policy = __le16_to_cpu(rp->policy);
170}
171
172static void hci_cc_write_def_link_policy(struct hci_dev *hdev,
173 struct sk_buff *skb)
174{
175 __u8 status = *((__u8 *) skb->data);
176 void *sent;
177
178 BT_DBG("%s status 0x%2.2x", hdev->name, status);
179
180 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_DEF_LINK_POLICY);
181 if (!sent)
182 return;
183
184 if (!status)
185 hdev->link_policy = get_unaligned_le16(sent);
186
187 hci_req_complete(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, status);
188}
189
190static void hci_cc_reset(struct hci_dev *hdev, struct sk_buff *skb)
191{
192 __u8 status = *((__u8 *) skb->data);
193
194 BT_DBG("%s status 0x%2.2x", hdev->name, status);
195
196 clear_bit(HCI_RESET, &hdev->flags);
197
198 hci_req_complete(hdev, HCI_OP_RESET, status);
199
200 /* Reset all non-persistent flags */
201 hdev->dev_flags &= ~(BIT(HCI_LE_SCAN) | BIT(HCI_PENDING_CLASS) |
202 BIT(HCI_PERIODIC_INQ));
203
204 hdev->discovery.state = DISCOVERY_STOPPED;
205}
206
207static void hci_cc_write_local_name(struct hci_dev *hdev, struct sk_buff *skb)
208{
209 __u8 status = *((__u8 *) skb->data);
210 void *sent;
211
212 BT_DBG("%s status 0x%2.2x", hdev->name, status);
213
214 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LOCAL_NAME);
215 if (!sent)
216 return;
217
218 hci_dev_lock(hdev);
219
220 if (test_bit(HCI_MGMT, &hdev->dev_flags))
221 mgmt_set_local_name_complete(hdev, sent, status);
222 else if (!status)
223 memcpy(hdev->dev_name, sent, HCI_MAX_NAME_LENGTH);
224
225 hci_dev_unlock(hdev);
226
227 hci_req_complete(hdev, HCI_OP_WRITE_LOCAL_NAME, status);
228}
229
230static void hci_cc_read_local_name(struct hci_dev *hdev, struct sk_buff *skb)
231{
232 struct hci_rp_read_local_name *rp = (void *) skb->data;
233
234 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
235
236 if (rp->status)
237 return;
238
239 if (test_bit(HCI_SETUP, &hdev->dev_flags))
240 memcpy(hdev->dev_name, rp->name, HCI_MAX_NAME_LENGTH);
241}
242
243static void hci_cc_write_auth_enable(struct hci_dev *hdev, struct sk_buff *skb)
244{
245 __u8 status = *((__u8 *) skb->data);
246 void *sent;
247
248 BT_DBG("%s status 0x%2.2x", hdev->name, status);
249
250 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_AUTH_ENABLE);
251 if (!sent)
252 return;
253
254 if (!status) {
255 __u8 param = *((__u8 *) sent);
256
257 if (param == AUTH_ENABLED)
258 set_bit(HCI_AUTH, &hdev->flags);
259 else
260 clear_bit(HCI_AUTH, &hdev->flags);
261 }
262
263 if (test_bit(HCI_MGMT, &hdev->dev_flags))
264 mgmt_auth_enable_complete(hdev, status);
265
266 hci_req_complete(hdev, HCI_OP_WRITE_AUTH_ENABLE, status);
267}
268
269static void hci_cc_write_encrypt_mode(struct hci_dev *hdev, struct sk_buff *skb)
270{
271 __u8 status = *((__u8 *) skb->data);
272 void *sent;
273
274 BT_DBG("%s status 0x%2.2x", hdev->name, status);
275
276 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_ENCRYPT_MODE);
277 if (!sent)
278 return;
279
280 if (!status) {
281 __u8 param = *((__u8 *) sent);
282
283 if (param)
284 set_bit(HCI_ENCRYPT, &hdev->flags);
285 else
286 clear_bit(HCI_ENCRYPT, &hdev->flags);
287 }
288
289 hci_req_complete(hdev, HCI_OP_WRITE_ENCRYPT_MODE, status);
290}
291
292static void hci_cc_write_scan_enable(struct hci_dev *hdev, struct sk_buff *skb)
293{
294 __u8 param, status = *((__u8 *) skb->data);
295 int old_pscan, old_iscan;
296 void *sent;
297
298 BT_DBG("%s status 0x%2.2x", hdev->name, status);
299
300 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SCAN_ENABLE);
301 if (!sent)
302 return;
303
304 param = *((__u8 *) sent);
305
306 hci_dev_lock(hdev);
307
308 if (status) {
309 mgmt_write_scan_failed(hdev, param, status);
310 hdev->discov_timeout = 0;
311 goto done;
312 }
313
314 old_pscan = test_and_clear_bit(HCI_PSCAN, &hdev->flags);
315 old_iscan = test_and_clear_bit(HCI_ISCAN, &hdev->flags);
316
317 if (param & SCAN_INQUIRY) {
318 set_bit(HCI_ISCAN, &hdev->flags);
319 if (!old_iscan)
320 mgmt_discoverable(hdev, 1);
321 if (hdev->discov_timeout > 0) {
322 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
323 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
324 to);
325 }
326 } else if (old_iscan)
327 mgmt_discoverable(hdev, 0);
328
329 if (param & SCAN_PAGE) {
330 set_bit(HCI_PSCAN, &hdev->flags);
331 if (!old_pscan)
332 mgmt_connectable(hdev, 1);
333 } else if (old_pscan)
334 mgmt_connectable(hdev, 0);
335
336done:
337 hci_dev_unlock(hdev);
338 hci_req_complete(hdev, HCI_OP_WRITE_SCAN_ENABLE, status);
339}
340
341static void hci_cc_read_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
342{
343 struct hci_rp_read_class_of_dev *rp = (void *) skb->data;
344
345 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
346
347 if (rp->status)
348 return;
349
350 memcpy(hdev->dev_class, rp->dev_class, 3);
351
352 BT_DBG("%s class 0x%.2x%.2x%.2x", hdev->name,
353 hdev->dev_class[2], hdev->dev_class[1], hdev->dev_class[0]);
354}
355
356static void hci_cc_write_class_of_dev(struct hci_dev *hdev, struct sk_buff *skb)
357{
358 __u8 status = *((__u8 *) skb->data);
359 void *sent;
360
361 BT_DBG("%s status 0x%2.2x", hdev->name, status);
362
363 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_CLASS_OF_DEV);
364 if (!sent)
365 return;
366
367 hci_dev_lock(hdev);
368
369 if (status == 0)
370 memcpy(hdev->dev_class, sent, 3);
371
372 if (test_bit(HCI_MGMT, &hdev->dev_flags))
373 mgmt_set_class_of_dev_complete(hdev, sent, status);
374
375 hci_dev_unlock(hdev);
376}
377
378static void hci_cc_read_voice_setting(struct hci_dev *hdev, struct sk_buff *skb)
379{
380 struct hci_rp_read_voice_setting *rp = (void *) skb->data;
381 __u16 setting;
382
383 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
384
385 if (rp->status)
386 return;
387
388 setting = __le16_to_cpu(rp->voice_setting);
389
390 if (hdev->voice_setting == setting)
391 return;
392
393 hdev->voice_setting = setting;
394
395 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
396
397 if (hdev->notify)
398 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
399}
400
401static void hci_cc_write_voice_setting(struct hci_dev *hdev,
402 struct sk_buff *skb)
403{
404 __u8 status = *((__u8 *) skb->data);
405 __u16 setting;
406 void *sent;
407
408 BT_DBG("%s status 0x%2.2x", hdev->name, status);
409
410 if (status)
411 return;
412
413 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_VOICE_SETTING);
414 if (!sent)
415 return;
416
417 setting = get_unaligned_le16(sent);
418
419 if (hdev->voice_setting == setting)
420 return;
421
422 hdev->voice_setting = setting;
423
424 BT_DBG("%s voice setting 0x%4.4x", hdev->name, setting);
425
426 if (hdev->notify)
427 hdev->notify(hdev, HCI_NOTIFY_VOICE_SETTING);
428}
429
430static void hci_cc_host_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
431{
432 __u8 status = *((__u8 *) skb->data);
433
434 BT_DBG("%s status 0x%2.2x", hdev->name, status);
435
436 hci_req_complete(hdev, HCI_OP_HOST_BUFFER_SIZE, status);
437}
438
439static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
440{
441 __u8 status = *((__u8 *) skb->data);
442 struct hci_cp_write_ssp_mode *sent;
443
444 BT_DBG("%s status 0x%2.2x", hdev->name, status);
445
446 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_SSP_MODE);
447 if (!sent)
448 return;
449
450 if (!status) {
451 if (sent->mode)
452 hdev->host_features[0] |= LMP_HOST_SSP;
453 else
454 hdev->host_features[0] &= ~LMP_HOST_SSP;
455 }
456
457 if (test_bit(HCI_MGMT, &hdev->dev_flags))
458 mgmt_ssp_enable_complete(hdev, sent->mode, status);
459 else if (!status) {
460 if (sent->mode)
461 set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
462 else
463 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
464 }
465}
466
467static u8 hci_get_inquiry_mode(struct hci_dev *hdev)
468{
469 if (lmp_ext_inq_capable(hdev))
470 return 2;
471
472 if (lmp_inq_rssi_capable(hdev))
473 return 1;
474
475 if (hdev->manufacturer == 11 && hdev->hci_rev == 0x00 &&
476 hdev->lmp_subver == 0x0757)
477 return 1;
478
479 if (hdev->manufacturer == 15) {
480 if (hdev->hci_rev == 0x03 && hdev->lmp_subver == 0x6963)
481 return 1;
482 if (hdev->hci_rev == 0x09 && hdev->lmp_subver == 0x6963)
483 return 1;
484 if (hdev->hci_rev == 0x00 && hdev->lmp_subver == 0x6965)
485 return 1;
486 }
487
488 if (hdev->manufacturer == 31 && hdev->hci_rev == 0x2005 &&
489 hdev->lmp_subver == 0x1805)
490 return 1;
491
492 return 0;
493}
494
495static void hci_setup_inquiry_mode(struct hci_dev *hdev)
496{
497 u8 mode;
498
499 mode = hci_get_inquiry_mode(hdev);
500
501 hci_send_cmd(hdev, HCI_OP_WRITE_INQUIRY_MODE, 1, &mode);
502}
503
504static void hci_setup_event_mask(struct hci_dev *hdev)
505{
506 /* The second byte is 0xff instead of 0x9f (two reserved bits
507 * disabled) since a Broadcom 1.2 dongle doesn't respond to the
508 * command otherwise */
509 u8 events[8] = { 0xff, 0xff, 0xfb, 0xff, 0x00, 0x00, 0x00, 0x00 };
510
511 /* CSR 1.1 dongles does not accept any bitfield so don't try to set
512 * any event mask for pre 1.2 devices */
513 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
514 return;
515
516 if (lmp_bredr_capable(hdev)) {
517 events[4] |= 0x01; /* Flow Specification Complete */
518 events[4] |= 0x02; /* Inquiry Result with RSSI */
519 events[4] |= 0x04; /* Read Remote Extended Features Complete */
520 events[5] |= 0x08; /* Synchronous Connection Complete */
521 events[5] |= 0x10; /* Synchronous Connection Changed */
522 }
523
524 if (lmp_inq_rssi_capable(hdev))
525 events[4] |= 0x02; /* Inquiry Result with RSSI */
526
527 if (lmp_sniffsubr_capable(hdev))
528 events[5] |= 0x20; /* Sniff Subrating */
529
530 if (lmp_pause_enc_capable(hdev))
531 events[5] |= 0x80; /* Encryption Key Refresh Complete */
532
533 if (lmp_ext_inq_capable(hdev))
534 events[5] |= 0x40; /* Extended Inquiry Result */
535
536 if (lmp_no_flush_capable(hdev))
537 events[7] |= 0x01; /* Enhanced Flush Complete */
538
539 if (lmp_lsto_capable(hdev))
540 events[6] |= 0x80; /* Link Supervision Timeout Changed */
541
542 if (lmp_ssp_capable(hdev)) {
543 events[6] |= 0x01; /* IO Capability Request */
544 events[6] |= 0x02; /* IO Capability Response */
545 events[6] |= 0x04; /* User Confirmation Request */
546 events[6] |= 0x08; /* User Passkey Request */
547 events[6] |= 0x10; /* Remote OOB Data Request */
548 events[6] |= 0x20; /* Simple Pairing Complete */
549 events[7] |= 0x04; /* User Passkey Notification */
550 events[7] |= 0x08; /* Keypress Notification */
551 events[7] |= 0x10; /* Remote Host Supported
552 * Features Notification */
553 }
554
555 if (lmp_le_capable(hdev))
556 events[7] |= 0x20; /* LE Meta-Event */
557
558 hci_send_cmd(hdev, HCI_OP_SET_EVENT_MASK, sizeof(events), events);
559
560 if (lmp_le_capable(hdev)) {
561 memset(events, 0, sizeof(events));
562 events[0] = 0x1f;
563 hci_send_cmd(hdev, HCI_OP_LE_SET_EVENT_MASK,
564 sizeof(events), events);
565 }
566}
567
568static void bredr_setup(struct hci_dev *hdev)
569{
570 struct hci_cp_delete_stored_link_key cp;
571 __le16 param;
572 __u8 flt_type;
573
574 /* Read Buffer Size (ACL mtu, max pkt, etc.) */
575 hci_send_cmd(hdev, HCI_OP_READ_BUFFER_SIZE, 0, NULL);
576
577 /* Read Class of Device */
578 hci_send_cmd(hdev, HCI_OP_READ_CLASS_OF_DEV, 0, NULL);
579
580 /* Read Local Name */
581 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_NAME, 0, NULL);
582
583 /* Read Voice Setting */
584 hci_send_cmd(hdev, HCI_OP_READ_VOICE_SETTING, 0, NULL);
585
586 /* Clear Event Filters */
587 flt_type = HCI_FLT_CLEAR_ALL;
588 hci_send_cmd(hdev, HCI_OP_SET_EVENT_FLT, 1, &flt_type);
589
590 /* Connection accept timeout ~20 secs */
591 param = __constant_cpu_to_le16(0x7d00);
592 hci_send_cmd(hdev, HCI_OP_WRITE_CA_TIMEOUT, 2, &param);
593
594 bacpy(&cp.bdaddr, BDADDR_ANY);
595 cp.delete_all = 1;
596 hci_send_cmd(hdev, HCI_OP_DELETE_STORED_LINK_KEY, sizeof(cp), &cp);
597}
598
599static void le_setup(struct hci_dev *hdev)
600{
601 /* Read LE Buffer Size */
602 hci_send_cmd(hdev, HCI_OP_LE_READ_BUFFER_SIZE, 0, NULL);
603
604 /* Read LE Advertising Channel TX Power */
605 hci_send_cmd(hdev, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
606}
607
608static void hci_setup(struct hci_dev *hdev)
609{
610 if (hdev->dev_type != HCI_BREDR)
611 return;
612
613 /* Read BD Address */
614 hci_send_cmd(hdev, HCI_OP_READ_BD_ADDR, 0, NULL);
615
616 if (lmp_bredr_capable(hdev))
617 bredr_setup(hdev);
618
619 if (lmp_le_capable(hdev))
620 le_setup(hdev);
621
622 hci_setup_event_mask(hdev);
623
624 if (hdev->hci_ver > BLUETOOTH_VER_1_1)
625 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_COMMANDS, 0, NULL);
626
627 if (lmp_ssp_capable(hdev)) {
628 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
629 u8 mode = 0x01;
630 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE,
631 sizeof(mode), &mode);
632 } else {
633 struct hci_cp_write_eir cp;
634
635 memset(hdev->eir, 0, sizeof(hdev->eir));
636 memset(&cp, 0, sizeof(cp));
637
638 hci_send_cmd(hdev, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
639 }
640 }
641
642 if (lmp_inq_rssi_capable(hdev))
643 hci_setup_inquiry_mode(hdev);
644
645 if (lmp_inq_tx_pwr_capable(hdev))
646 hci_send_cmd(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, 0, NULL);
647
648 if (lmp_ext_feat_capable(hdev)) {
649 struct hci_cp_read_local_ext_features cp;
650
651 cp.page = 0x01;
652 hci_send_cmd(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, sizeof(cp),
653 &cp);
654 }
655
656 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags)) {
657 u8 enable = 1;
658 hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(enable),
659 &enable);
660 }
661}
662
663static void hci_cc_read_local_version(struct hci_dev *hdev, struct sk_buff *skb)
664{
665 struct hci_rp_read_local_version *rp = (void *) skb->data;
666
667 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
668
669 if (rp->status)
670 goto done;
671
672 hdev->hci_ver = rp->hci_ver;
673 hdev->hci_rev = __le16_to_cpu(rp->hci_rev);
674 hdev->lmp_ver = rp->lmp_ver;
675 hdev->manufacturer = __le16_to_cpu(rp->manufacturer);
676 hdev->lmp_subver = __le16_to_cpu(rp->lmp_subver);
677
678 BT_DBG("%s manufacturer 0x%4.4x hci ver %d:%d", hdev->name,
679 hdev->manufacturer, hdev->hci_ver, hdev->hci_rev);
680
681 if (test_bit(HCI_INIT, &hdev->flags))
682 hci_setup(hdev);
683
684done:
685 hci_req_complete(hdev, HCI_OP_READ_LOCAL_VERSION, rp->status);
686}
687
688static void hci_setup_link_policy(struct hci_dev *hdev)
689{
690 struct hci_cp_write_def_link_policy cp;
691 u16 link_policy = 0;
692
693 if (lmp_rswitch_capable(hdev))
694 link_policy |= HCI_LP_RSWITCH;
695 if (lmp_hold_capable(hdev))
696 link_policy |= HCI_LP_HOLD;
697 if (lmp_sniff_capable(hdev))
698 link_policy |= HCI_LP_SNIFF;
699 if (lmp_park_capable(hdev))
700 link_policy |= HCI_LP_PARK;
701
702 cp.policy = cpu_to_le16(link_policy);
703 hci_send_cmd(hdev, HCI_OP_WRITE_DEF_LINK_POLICY, sizeof(cp), &cp);
704}
705
706static void hci_cc_read_local_commands(struct hci_dev *hdev,
707 struct sk_buff *skb)
708{
709 struct hci_rp_read_local_commands *rp = (void *) skb->data;
710
711 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
712
713 if (rp->status)
714 goto done;
715
716 memcpy(hdev->commands, rp->commands, sizeof(hdev->commands));
717
718 if (test_bit(HCI_INIT, &hdev->flags) && (hdev->commands[5] & 0x10))
719 hci_setup_link_policy(hdev);
720
721done:
722 hci_req_complete(hdev, HCI_OP_READ_LOCAL_COMMANDS, rp->status);
723}
724
725static void hci_cc_read_local_features(struct hci_dev *hdev,
726 struct sk_buff *skb)
727{
728 struct hci_rp_read_local_features *rp = (void *) skb->data;
729
730 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
731
732 if (rp->status)
733 return;
734
735 memcpy(hdev->features, rp->features, 8);
736
737 /* Adjust default settings according to features
738 * supported by device. */
739
740 if (hdev->features[0] & LMP_3SLOT)
741 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
742
743 if (hdev->features[0] & LMP_5SLOT)
744 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
745
746 if (hdev->features[1] & LMP_HV2) {
747 hdev->pkt_type |= (HCI_HV2);
748 hdev->esco_type |= (ESCO_HV2);
749 }
750
751 if (hdev->features[1] & LMP_HV3) {
752 hdev->pkt_type |= (HCI_HV3);
753 hdev->esco_type |= (ESCO_HV3);
754 }
755
756 if (lmp_esco_capable(hdev))
757 hdev->esco_type |= (ESCO_EV3);
758
759 if (hdev->features[4] & LMP_EV4)
760 hdev->esco_type |= (ESCO_EV4);
761
762 if (hdev->features[4] & LMP_EV5)
763 hdev->esco_type |= (ESCO_EV5);
764
765 if (hdev->features[5] & LMP_EDR_ESCO_2M)
766 hdev->esco_type |= (ESCO_2EV3);
767
768 if (hdev->features[5] & LMP_EDR_ESCO_3M)
769 hdev->esco_type |= (ESCO_3EV3);
770
771 if (hdev->features[5] & LMP_EDR_3S_ESCO)
772 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
773
774 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
775 hdev->features[0], hdev->features[1],
776 hdev->features[2], hdev->features[3],
777 hdev->features[4], hdev->features[5],
778 hdev->features[6], hdev->features[7]);
779}
780
781static void hci_set_le_support(struct hci_dev *hdev)
782{
783 struct hci_cp_write_le_host_supported cp;
784
785 memset(&cp, 0, sizeof(cp));
786
787 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
788 cp.le = 1;
789 cp.simul = !!lmp_le_br_capable(hdev);
790 }
791
792 if (cp.le != !!lmp_host_le_capable(hdev))
793 hci_send_cmd(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(cp),
794 &cp);
795}
796
797static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
798 struct sk_buff *skb)
799{
800 struct hci_rp_read_local_ext_features *rp = (void *) skb->data;
801
802 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
803
804 if (rp->status)
805 goto done;
806
807 switch (rp->page) {
808 case 0:
809 memcpy(hdev->features, rp->features, 8);
810 break;
811 case 1:
812 memcpy(hdev->host_features, rp->features, 8);
813 break;
814 }
815
816 if (test_bit(HCI_INIT, &hdev->flags) && lmp_le_capable(hdev))
817 hci_set_le_support(hdev);
818
819done:
820 hci_req_complete(hdev, HCI_OP_READ_LOCAL_EXT_FEATURES, rp->status);
821}
822
823static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
824 struct sk_buff *skb)
825{
826 struct hci_rp_read_flow_control_mode *rp = (void *) skb->data;
827
828 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
829
830 if (rp->status)
831 return;
832
833 hdev->flow_ctl_mode = rp->mode;
834
835 hci_req_complete(hdev, HCI_OP_READ_FLOW_CONTROL_MODE, rp->status);
836}
837
838static void hci_cc_read_buffer_size(struct hci_dev *hdev, struct sk_buff *skb)
839{
840 struct hci_rp_read_buffer_size *rp = (void *) skb->data;
841
842 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
843
844 if (rp->status)
845 return;
846
847 hdev->acl_mtu = __le16_to_cpu(rp->acl_mtu);
848 hdev->sco_mtu = rp->sco_mtu;
849 hdev->acl_pkts = __le16_to_cpu(rp->acl_max_pkt);
850 hdev->sco_pkts = __le16_to_cpu(rp->sco_max_pkt);
851
852 if (test_bit(HCI_QUIRK_FIXUP_BUFFER_SIZE, &hdev->quirks)) {
853 hdev->sco_mtu = 64;
854 hdev->sco_pkts = 8;
855 }
856
857 hdev->acl_cnt = hdev->acl_pkts;
858 hdev->sco_cnt = hdev->sco_pkts;
859
860 BT_DBG("%s acl mtu %d:%d sco mtu %d:%d", hdev->name, hdev->acl_mtu,
861 hdev->acl_pkts, hdev->sco_mtu, hdev->sco_pkts);
862}
863
864static void hci_cc_read_bd_addr(struct hci_dev *hdev, struct sk_buff *skb)
865{
866 struct hci_rp_read_bd_addr *rp = (void *) skb->data;
867
868 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
869
870 if (!rp->status)
871 bacpy(&hdev->bdaddr, &rp->bdaddr);
872
873 hci_req_complete(hdev, HCI_OP_READ_BD_ADDR, rp->status);
874}
875
876static void hci_cc_read_data_block_size(struct hci_dev *hdev,
877 struct sk_buff *skb)
878{
879 struct hci_rp_read_data_block_size *rp = (void *) skb->data;
880
881 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
882
883 if (rp->status)
884 return;
885
886 hdev->block_mtu = __le16_to_cpu(rp->max_acl_len);
887 hdev->block_len = __le16_to_cpu(rp->block_len);
888 hdev->num_blocks = __le16_to_cpu(rp->num_blocks);
889
890 hdev->block_cnt = hdev->num_blocks;
891
892 BT_DBG("%s blk mtu %d cnt %d len %d", hdev->name, hdev->block_mtu,
893 hdev->block_cnt, hdev->block_len);
894
895 hci_req_complete(hdev, HCI_OP_READ_DATA_BLOCK_SIZE, rp->status);
896}
897
898static void hci_cc_write_ca_timeout(struct hci_dev *hdev, struct sk_buff *skb)
899{
900 __u8 status = *((__u8 *) skb->data);
901
902 BT_DBG("%s status 0x%2.2x", hdev->name, status);
903
904 hci_req_complete(hdev, HCI_OP_WRITE_CA_TIMEOUT, status);
905}
906
907static void hci_cc_read_local_amp_info(struct hci_dev *hdev,
908 struct sk_buff *skb)
909{
910 struct hci_rp_read_local_amp_info *rp = (void *) skb->data;
911
912 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
913
914 if (rp->status)
915 goto a2mp_rsp;
916
917 hdev->amp_status = rp->amp_status;
918 hdev->amp_total_bw = __le32_to_cpu(rp->total_bw);
919 hdev->amp_max_bw = __le32_to_cpu(rp->max_bw);
920 hdev->amp_min_latency = __le32_to_cpu(rp->min_latency);
921 hdev->amp_max_pdu = __le32_to_cpu(rp->max_pdu);
922 hdev->amp_type = rp->amp_type;
923 hdev->amp_pal_cap = __le16_to_cpu(rp->pal_cap);
924 hdev->amp_assoc_size = __le16_to_cpu(rp->max_assoc_size);
925 hdev->amp_be_flush_to = __le32_to_cpu(rp->be_flush_to);
926 hdev->amp_max_flush_to = __le32_to_cpu(rp->max_flush_to);
927
928 hci_req_complete(hdev, HCI_OP_READ_LOCAL_AMP_INFO, rp->status);
929
930a2mp_rsp:
931 a2mp_send_getinfo_rsp(hdev);
932}
933
934static void hci_cc_read_local_amp_assoc(struct hci_dev *hdev,
935 struct sk_buff *skb)
936{
937 struct hci_rp_read_local_amp_assoc *rp = (void *) skb->data;
938 struct amp_assoc *assoc = &hdev->loc_assoc;
939 size_t rem_len, frag_len;
940
941 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
942
943 if (rp->status)
944 goto a2mp_rsp;
945
946 frag_len = skb->len - sizeof(*rp);
947 rem_len = __le16_to_cpu(rp->rem_len);
948
949 if (rem_len > frag_len) {
950 BT_DBG("frag_len %zu rem_len %zu", frag_len, rem_len);
951
952 memcpy(assoc->data + assoc->offset, rp->frag, frag_len);
953 assoc->offset += frag_len;
954
955 /* Read other fragments */
956 amp_read_loc_assoc_frag(hdev, rp->phy_handle);
957
958 return;
959 }
960
961 memcpy(assoc->data + assoc->offset, rp->frag, rem_len);
962 assoc->len = assoc->offset + rem_len;
963 assoc->offset = 0;
964
965a2mp_rsp:
966 /* Send A2MP Rsp when all fragments are received */
967 a2mp_send_getampassoc_rsp(hdev, rp->status);
968 a2mp_send_create_phy_link_req(hdev, rp->status);
969}
970
971static void hci_cc_delete_stored_link_key(struct hci_dev *hdev,
972 struct sk_buff *skb)
973{
974 __u8 status = *((__u8 *) skb->data);
975
976 BT_DBG("%s status 0x%2.2x", hdev->name, status);
977
978 hci_req_complete(hdev, HCI_OP_DELETE_STORED_LINK_KEY, status);
979}
980
981static void hci_cc_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
982{
983 __u8 status = *((__u8 *) skb->data);
984
985 BT_DBG("%s status 0x%2.2x", hdev->name, status);
986
987 hci_req_complete(hdev, HCI_OP_SET_EVENT_MASK, status);
988}
989
990static void hci_cc_write_inquiry_mode(struct hci_dev *hdev,
991 struct sk_buff *skb)
992{
993 __u8 status = *((__u8 *) skb->data);
994
995 BT_DBG("%s status 0x%2.2x", hdev->name, status);
996
997 hci_req_complete(hdev, HCI_OP_WRITE_INQUIRY_MODE, status);
998}
999
1000static void hci_cc_read_inq_rsp_tx_power(struct hci_dev *hdev,
1001 struct sk_buff *skb)
1002{
1003 struct hci_rp_read_inq_rsp_tx_power *rp = (void *) skb->data;
1004
1005 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1006
1007 if (!rp->status)
1008 hdev->inq_tx_power = rp->tx_power;
1009
1010 hci_req_complete(hdev, HCI_OP_READ_INQ_RSP_TX_POWER, rp->status);
1011}
1012
1013static void hci_cc_set_event_flt(struct hci_dev *hdev, struct sk_buff *skb)
1014{
1015 __u8 status = *((__u8 *) skb->data);
1016
1017 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1018
1019 hci_req_complete(hdev, HCI_OP_SET_EVENT_FLT, status);
1020}
1021
1022static void hci_cc_pin_code_reply(struct hci_dev *hdev, struct sk_buff *skb)
1023{
1024 struct hci_rp_pin_code_reply *rp = (void *) skb->data;
1025 struct hci_cp_pin_code_reply *cp;
1026 struct hci_conn *conn;
1027
1028 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1029
1030 hci_dev_lock(hdev);
1031
1032 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1033 mgmt_pin_code_reply_complete(hdev, &rp->bdaddr, rp->status);
1034
1035 if (rp->status)
1036 goto unlock;
1037
1038 cp = hci_sent_cmd_data(hdev, HCI_OP_PIN_CODE_REPLY);
1039 if (!cp)
1040 goto unlock;
1041
1042 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1043 if (conn)
1044 conn->pin_length = cp->pin_len;
1045
1046unlock:
1047 hci_dev_unlock(hdev);
1048}
1049
1050static void hci_cc_pin_code_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1051{
1052 struct hci_rp_pin_code_neg_reply *rp = (void *) skb->data;
1053
1054 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1055
1056 hci_dev_lock(hdev);
1057
1058 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1059 mgmt_pin_code_neg_reply_complete(hdev, &rp->bdaddr,
1060 rp->status);
1061
1062 hci_dev_unlock(hdev);
1063}
1064
1065static void hci_cc_le_read_buffer_size(struct hci_dev *hdev,
1066 struct sk_buff *skb)
1067{
1068 struct hci_rp_le_read_buffer_size *rp = (void *) skb->data;
1069
1070 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1071
1072 if (rp->status)
1073 return;
1074
1075 hdev->le_mtu = __le16_to_cpu(rp->le_mtu);
1076 hdev->le_pkts = rp->le_max_pkt;
1077
1078 hdev->le_cnt = hdev->le_pkts;
1079
1080 BT_DBG("%s le mtu %d:%d", hdev->name, hdev->le_mtu, hdev->le_pkts);
1081
1082 hci_req_complete(hdev, HCI_OP_LE_READ_BUFFER_SIZE, rp->status);
1083}
1084
1085static void hci_cc_le_read_adv_tx_power(struct hci_dev *hdev,
1086 struct sk_buff *skb)
1087{
1088 struct hci_rp_le_read_adv_tx_power *rp = (void *) skb->data;
1089
1090 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1091
1092 if (!rp->status)
1093 hdev->adv_tx_power = rp->tx_power;
1094
1095 hci_req_complete(hdev, HCI_OP_LE_READ_ADV_TX_POWER, rp->status);
1096}
1097
1098static void hci_cc_le_set_event_mask(struct hci_dev *hdev, struct sk_buff *skb)
1099{
1100 __u8 status = *((__u8 *) skb->data);
1101
1102 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1103
1104 hci_req_complete(hdev, HCI_OP_LE_SET_EVENT_MASK, status);
1105}
1106
1107static void hci_cc_user_confirm_reply(struct hci_dev *hdev, struct sk_buff *skb)
1108{
1109 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1110
1111 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1112
1113 hci_dev_lock(hdev);
1114
1115 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1116 mgmt_user_confirm_reply_complete(hdev, &rp->bdaddr, ACL_LINK, 0,
1117 rp->status);
1118
1119 hci_dev_unlock(hdev);
1120}
1121
1122static void hci_cc_user_confirm_neg_reply(struct hci_dev *hdev,
1123 struct sk_buff *skb)
1124{
1125 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1126
1127 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1128
1129 hci_dev_lock(hdev);
1130
1131 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1132 mgmt_user_confirm_neg_reply_complete(hdev, &rp->bdaddr,
1133 ACL_LINK, 0, rp->status);
1134
1135 hci_dev_unlock(hdev);
1136}
1137
1138static void hci_cc_user_passkey_reply(struct hci_dev *hdev, struct sk_buff *skb)
1139{
1140 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1141
1142 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1143
1144 hci_dev_lock(hdev);
1145
1146 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1147 mgmt_user_passkey_reply_complete(hdev, &rp->bdaddr, ACL_LINK,
1148 0, rp->status);
1149
1150 hci_dev_unlock(hdev);
1151}
1152
1153static void hci_cc_user_passkey_neg_reply(struct hci_dev *hdev,
1154 struct sk_buff *skb)
1155{
1156 struct hci_rp_user_confirm_reply *rp = (void *) skb->data;
1157
1158 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1159
1160 hci_dev_lock(hdev);
1161
1162 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1163 mgmt_user_passkey_neg_reply_complete(hdev, &rp->bdaddr,
1164 ACL_LINK, 0, rp->status);
1165
1166 hci_dev_unlock(hdev);
1167}
1168
1169static void hci_cc_read_local_oob_data_reply(struct hci_dev *hdev,
1170 struct sk_buff *skb)
1171{
1172 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
1173
1174 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1175
1176 hci_dev_lock(hdev);
1177 mgmt_read_local_oob_data_reply_complete(hdev, rp->hash,
1178 rp->randomizer, rp->status);
1179 hci_dev_unlock(hdev);
1180}
1181
1182static void hci_cc_le_set_scan_param(struct hci_dev *hdev, struct sk_buff *skb)
1183{
1184 __u8 status = *((__u8 *) skb->data);
1185
1186 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1187
1188 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_PARAM, status);
1189
1190 if (status) {
1191 hci_dev_lock(hdev);
1192 mgmt_start_discovery_failed(hdev, status);
1193 hci_dev_unlock(hdev);
1194 return;
1195 }
1196}
1197
1198static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
1199 struct sk_buff *skb)
1200{
1201 struct hci_cp_le_set_scan_enable *cp;
1202 __u8 status = *((__u8 *) skb->data);
1203
1204 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1205
1206 cp = hci_sent_cmd_data(hdev, HCI_OP_LE_SET_SCAN_ENABLE);
1207 if (!cp)
1208 return;
1209
1210 switch (cp->enable) {
1211 case LE_SCANNING_ENABLED:
1212 hci_req_complete(hdev, HCI_OP_LE_SET_SCAN_ENABLE, status);
1213
1214 if (status) {
1215 hci_dev_lock(hdev);
1216 mgmt_start_discovery_failed(hdev, status);
1217 hci_dev_unlock(hdev);
1218 return;
1219 }
1220
1221 set_bit(HCI_LE_SCAN, &hdev->dev_flags);
1222
1223 hci_dev_lock(hdev);
1224 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1225 hci_dev_unlock(hdev);
1226 break;
1227
1228 case LE_SCANNING_DISABLED:
1229 if (status) {
1230 hci_dev_lock(hdev);
1231 mgmt_stop_discovery_failed(hdev, status);
1232 hci_dev_unlock(hdev);
1233 return;
1234 }
1235
1236 clear_bit(HCI_LE_SCAN, &hdev->dev_flags);
1237
1238 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
1239 hdev->discovery.state == DISCOVERY_FINDING) {
1240 mgmt_interleaved_discovery(hdev);
1241 } else {
1242 hci_dev_lock(hdev);
1243 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1244 hci_dev_unlock(hdev);
1245 }
1246
1247 break;
1248
1249 default:
1250 BT_ERR("Used reserved LE_Scan_Enable param %d", cp->enable);
1251 break;
1252 }
1253}
1254
1255static void hci_cc_le_ltk_reply(struct hci_dev *hdev, struct sk_buff *skb)
1256{
1257 struct hci_rp_le_ltk_reply *rp = (void *) skb->data;
1258
1259 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1260
1261 if (rp->status)
1262 return;
1263
1264 hci_req_complete(hdev, HCI_OP_LE_LTK_REPLY, rp->status);
1265}
1266
1267static void hci_cc_le_ltk_neg_reply(struct hci_dev *hdev, struct sk_buff *skb)
1268{
1269 struct hci_rp_le_ltk_neg_reply *rp = (void *) skb->data;
1270
1271 BT_DBG("%s status 0x%2.2x", hdev->name, rp->status);
1272
1273 if (rp->status)
1274 return;
1275
1276 hci_req_complete(hdev, HCI_OP_LE_LTK_NEG_REPLY, rp->status);
1277}
1278
1279static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1280 struct sk_buff *skb)
1281{
1282 struct hci_cp_write_le_host_supported *sent;
1283 __u8 status = *((__u8 *) skb->data);
1284
1285 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1286
1287 sent = hci_sent_cmd_data(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED);
1288 if (!sent)
1289 return;
1290
1291 if (!status) {
1292 if (sent->le)
1293 hdev->host_features[0] |= LMP_HOST_LE;
1294 else
1295 hdev->host_features[0] &= ~LMP_HOST_LE;
1296
1297 if (sent->simul)
1298 hdev->host_features[0] |= LMP_HOST_LE_BREDR;
1299 else
1300 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR;
1301 }
1302
1303 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
1304 !test_bit(HCI_INIT, &hdev->flags))
1305 mgmt_le_enable_complete(hdev, sent->le, status);
1306
1307 hci_req_complete(hdev, HCI_OP_WRITE_LE_HOST_SUPPORTED, status);
1308}
1309
1310static void hci_cc_write_remote_amp_assoc(struct hci_dev *hdev,
1311 struct sk_buff *skb)
1312{
1313 struct hci_rp_write_remote_amp_assoc *rp = (void *) skb->data;
1314
1315 BT_DBG("%s status 0x%2.2x phy_handle 0x%2.2x",
1316 hdev->name, rp->status, rp->phy_handle);
1317
1318 if (rp->status)
1319 return;
1320
1321 amp_write_rem_assoc_continue(hdev, rp->phy_handle);
1322}
1323
1324static void hci_cs_inquiry(struct hci_dev *hdev, __u8 status)
1325{
1326 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1327
1328 if (status) {
1329 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1330 hci_conn_check_pending(hdev);
1331 hci_dev_lock(hdev);
1332 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1333 mgmt_start_discovery_failed(hdev, status);
1334 hci_dev_unlock(hdev);
1335 return;
1336 }
1337
1338 set_bit(HCI_INQUIRY, &hdev->flags);
1339
1340 hci_dev_lock(hdev);
1341 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
1342 hci_dev_unlock(hdev);
1343}
1344
1345static void hci_cs_create_conn(struct hci_dev *hdev, __u8 status)
1346{
1347 struct hci_cp_create_conn *cp;
1348 struct hci_conn *conn;
1349
1350 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1351
1352 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_CONN);
1353 if (!cp)
1354 return;
1355
1356 hci_dev_lock(hdev);
1357
1358 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1359
1360 BT_DBG("%s bdaddr %pMR hcon %p", hdev->name, &cp->bdaddr, conn);
1361
1362 if (status) {
1363 if (conn && conn->state == BT_CONNECT) {
1364 if (status != 0x0c || conn->attempt > 2) {
1365 conn->state = BT_CLOSED;
1366 hci_proto_connect_cfm(conn, status);
1367 hci_conn_del(conn);
1368 } else
1369 conn->state = BT_CONNECT2;
1370 }
1371 } else {
1372 if (!conn) {
1373 conn = hci_conn_add(hdev, ACL_LINK, &cp->bdaddr);
1374 if (conn) {
1375 conn->out = true;
1376 conn->link_mode |= HCI_LM_MASTER;
1377 } else
1378 BT_ERR("No memory for new connection");
1379 }
1380 }
1381
1382 hci_dev_unlock(hdev);
1383}
1384
1385static void hci_cs_add_sco(struct hci_dev *hdev, __u8 status)
1386{
1387 struct hci_cp_add_sco *cp;
1388 struct hci_conn *acl, *sco;
1389 __u16 handle;
1390
1391 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1392
1393 if (!status)
1394 return;
1395
1396 cp = hci_sent_cmd_data(hdev, HCI_OP_ADD_SCO);
1397 if (!cp)
1398 return;
1399
1400 handle = __le16_to_cpu(cp->handle);
1401
1402 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1403
1404 hci_dev_lock(hdev);
1405
1406 acl = hci_conn_hash_lookup_handle(hdev, handle);
1407 if (acl) {
1408 sco = acl->link;
1409 if (sco) {
1410 sco->state = BT_CLOSED;
1411
1412 hci_proto_connect_cfm(sco, status);
1413 hci_conn_del(sco);
1414 }
1415 }
1416
1417 hci_dev_unlock(hdev);
1418}
1419
1420static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1421{
1422 struct hci_cp_auth_requested *cp;
1423 struct hci_conn *conn;
1424
1425 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1426
1427 if (!status)
1428 return;
1429
1430 cp = hci_sent_cmd_data(hdev, HCI_OP_AUTH_REQUESTED);
1431 if (!cp)
1432 return;
1433
1434 hci_dev_lock(hdev);
1435
1436 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1437 if (conn) {
1438 if (conn->state == BT_CONFIG) {
1439 hci_proto_connect_cfm(conn, status);
1440 hci_conn_put(conn);
1441 }
1442 }
1443
1444 hci_dev_unlock(hdev);
1445}
1446
1447static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1448{
1449 struct hci_cp_set_conn_encrypt *cp;
1450 struct hci_conn *conn;
1451
1452 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1453
1454 if (!status)
1455 return;
1456
1457 cp = hci_sent_cmd_data(hdev, HCI_OP_SET_CONN_ENCRYPT);
1458 if (!cp)
1459 return;
1460
1461 hci_dev_lock(hdev);
1462
1463 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1464 if (conn) {
1465 if (conn->state == BT_CONFIG) {
1466 hci_proto_connect_cfm(conn, status);
1467 hci_conn_put(conn);
1468 }
1469 }
1470
1471 hci_dev_unlock(hdev);
1472}
1473
1474static int hci_outgoing_auth_needed(struct hci_dev *hdev,
1475 struct hci_conn *conn)
1476{
1477 if (conn->state != BT_CONFIG || !conn->out)
1478 return 0;
1479
1480 if (conn->pending_sec_level == BT_SECURITY_SDP)
1481 return 0;
1482
1483 /* Only request authentication for SSP connections or non-SSP
1484 * devices with sec_level HIGH or if MITM protection is requested */
1485 if (!hci_conn_ssp_enabled(conn) && !(conn->auth_type & 0x01) &&
1486 conn->pending_sec_level != BT_SECURITY_HIGH)
1487 return 0;
1488
1489 return 1;
1490}
1491
1492static int hci_resolve_name(struct hci_dev *hdev,
1493 struct inquiry_entry *e)
1494{
1495 struct hci_cp_remote_name_req cp;
1496
1497 memset(&cp, 0, sizeof(cp));
1498
1499 bacpy(&cp.bdaddr, &e->data.bdaddr);
1500 cp.pscan_rep_mode = e->data.pscan_rep_mode;
1501 cp.pscan_mode = e->data.pscan_mode;
1502 cp.clock_offset = e->data.clock_offset;
1503
1504 return hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
1505}
1506
1507static bool hci_resolve_next_name(struct hci_dev *hdev)
1508{
1509 struct discovery_state *discov = &hdev->discovery;
1510 struct inquiry_entry *e;
1511
1512 if (list_empty(&discov->resolve))
1513 return false;
1514
1515 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1516 if (!e)
1517 return false;
1518
1519 if (hci_resolve_name(hdev, e) == 0) {
1520 e->name_state = NAME_PENDING;
1521 return true;
1522 }
1523
1524 return false;
1525}
1526
1527static void hci_check_pending_name(struct hci_dev *hdev, struct hci_conn *conn,
1528 bdaddr_t *bdaddr, u8 *name, u8 name_len)
1529{
1530 struct discovery_state *discov = &hdev->discovery;
1531 struct inquiry_entry *e;
1532
1533 if (conn && !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
1534 mgmt_device_connected(hdev, bdaddr, ACL_LINK, 0x00, 0, name,
1535 name_len, conn->dev_class);
1536
1537 if (discov->state == DISCOVERY_STOPPED)
1538 return;
1539
1540 if (discov->state == DISCOVERY_STOPPING)
1541 goto discov_complete;
1542
1543 if (discov->state != DISCOVERY_RESOLVING)
1544 return;
1545
1546 e = hci_inquiry_cache_lookup_resolve(hdev, bdaddr, NAME_PENDING);
1547 /* If the device was not found in a list of found devices names of which
1548 * are pending. there is no need to continue resolving a next name as it
1549 * will be done upon receiving another Remote Name Request Complete
1550 * Event */
1551 if (!e)
1552 return;
1553
1554 list_del(&e->list);
1555 if (name) {
1556 e->name_state = NAME_KNOWN;
1557 mgmt_remote_name(hdev, bdaddr, ACL_LINK, 0x00,
1558 e->data.rssi, name, name_len);
1559 } else {
1560 e->name_state = NAME_NOT_KNOWN;
1561 }
1562
1563 if (hci_resolve_next_name(hdev))
1564 return;
1565
1566discov_complete:
1567 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1568}
1569
1570static void hci_cs_remote_name_req(struct hci_dev *hdev, __u8 status)
1571{
1572 struct hci_cp_remote_name_req *cp;
1573 struct hci_conn *conn;
1574
1575 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1576
1577 /* If successful wait for the name req complete event before
1578 * checking for the need to do authentication */
1579 if (!status)
1580 return;
1581
1582 cp = hci_sent_cmd_data(hdev, HCI_OP_REMOTE_NAME_REQ);
1583 if (!cp)
1584 return;
1585
1586 hci_dev_lock(hdev);
1587
1588 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->bdaddr);
1589
1590 if (test_bit(HCI_MGMT, &hdev->dev_flags))
1591 hci_check_pending_name(hdev, conn, &cp->bdaddr, NULL, 0);
1592
1593 if (!conn)
1594 goto unlock;
1595
1596 if (!hci_outgoing_auth_needed(hdev, conn))
1597 goto unlock;
1598
1599 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
1600 struct hci_cp_auth_requested cp;
1601 cp.handle = __cpu_to_le16(conn->handle);
1602 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
1603 }
1604
1605unlock:
1606 hci_dev_unlock(hdev);
1607}
1608
1609static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1610{
1611 struct hci_cp_read_remote_features *cp;
1612 struct hci_conn *conn;
1613
1614 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1615
1616 if (!status)
1617 return;
1618
1619 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_FEATURES);
1620 if (!cp)
1621 return;
1622
1623 hci_dev_lock(hdev);
1624
1625 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1626 if (conn) {
1627 if (conn->state == BT_CONFIG) {
1628 hci_proto_connect_cfm(conn, status);
1629 hci_conn_put(conn);
1630 }
1631 }
1632
1633 hci_dev_unlock(hdev);
1634}
1635
1636static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1637{
1638 struct hci_cp_read_remote_ext_features *cp;
1639 struct hci_conn *conn;
1640
1641 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1642
1643 if (!status)
1644 return;
1645
1646 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES);
1647 if (!cp)
1648 return;
1649
1650 hci_dev_lock(hdev);
1651
1652 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1653 if (conn) {
1654 if (conn->state == BT_CONFIG) {
1655 hci_proto_connect_cfm(conn, status);
1656 hci_conn_put(conn);
1657 }
1658 }
1659
1660 hci_dev_unlock(hdev);
1661}
1662
1663static void hci_cs_setup_sync_conn(struct hci_dev *hdev, __u8 status)
1664{
1665 struct hci_cp_setup_sync_conn *cp;
1666 struct hci_conn *acl, *sco;
1667 __u16 handle;
1668
1669 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1670
1671 if (!status)
1672 return;
1673
1674 cp = hci_sent_cmd_data(hdev, HCI_OP_SETUP_SYNC_CONN);
1675 if (!cp)
1676 return;
1677
1678 handle = __le16_to_cpu(cp->handle);
1679
1680 BT_DBG("%s handle 0x%4.4x", hdev->name, handle);
1681
1682 hci_dev_lock(hdev);
1683
1684 acl = hci_conn_hash_lookup_handle(hdev, handle);
1685 if (acl) {
1686 sco = acl->link;
1687 if (sco) {
1688 sco->state = BT_CLOSED;
1689
1690 hci_proto_connect_cfm(sco, status);
1691 hci_conn_del(sco);
1692 }
1693 }
1694
1695 hci_dev_unlock(hdev);
1696}
1697
1698static void hci_cs_sniff_mode(struct hci_dev *hdev, __u8 status)
1699{
1700 struct hci_cp_sniff_mode *cp;
1701 struct hci_conn *conn;
1702
1703 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1704
1705 if (!status)
1706 return;
1707
1708 cp = hci_sent_cmd_data(hdev, HCI_OP_SNIFF_MODE);
1709 if (!cp)
1710 return;
1711
1712 hci_dev_lock(hdev);
1713
1714 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1715 if (conn) {
1716 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1717
1718 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1719 hci_sco_setup(conn, status);
1720 }
1721
1722 hci_dev_unlock(hdev);
1723}
1724
1725static void hci_cs_exit_sniff_mode(struct hci_dev *hdev, __u8 status)
1726{
1727 struct hci_cp_exit_sniff_mode *cp;
1728 struct hci_conn *conn;
1729
1730 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1731
1732 if (!status)
1733 return;
1734
1735 cp = hci_sent_cmd_data(hdev, HCI_OP_EXIT_SNIFF_MODE);
1736 if (!cp)
1737 return;
1738
1739 hci_dev_lock(hdev);
1740
1741 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1742 if (conn) {
1743 clear_bit(HCI_CONN_MODE_CHANGE_PEND, &conn->flags);
1744
1745 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
1746 hci_sco_setup(conn, status);
1747 }
1748
1749 hci_dev_unlock(hdev);
1750}
1751
1752static void hci_cs_disconnect(struct hci_dev *hdev, u8 status)
1753{
1754 struct hci_cp_disconnect *cp;
1755 struct hci_conn *conn;
1756
1757 if (!status)
1758 return;
1759
1760 cp = hci_sent_cmd_data(hdev, HCI_OP_DISCONNECT);
1761 if (!cp)
1762 return;
1763
1764 hci_dev_lock(hdev);
1765
1766 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(cp->handle));
1767 if (conn)
1768 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
1769 conn->dst_type, status);
1770
1771 hci_dev_unlock(hdev);
1772}
1773
1774static void hci_cs_le_create_conn(struct hci_dev *hdev, __u8 status)
1775{
1776 struct hci_conn *conn;
1777
1778 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1779
1780 if (status) {
1781 hci_dev_lock(hdev);
1782
1783 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
1784 if (!conn) {
1785 hci_dev_unlock(hdev);
1786 return;
1787 }
1788
1789 BT_DBG("%s bdaddr %pMR conn %p", hdev->name, &conn->dst, conn);
1790
1791 conn->state = BT_CLOSED;
1792 mgmt_connect_failed(hdev, &conn->dst, conn->type,
1793 conn->dst_type, status);
1794 hci_proto_connect_cfm(conn, status);
1795 hci_conn_del(conn);
1796
1797 hci_dev_unlock(hdev);
1798 }
1799}
1800
1801static void hci_cs_le_start_enc(struct hci_dev *hdev, u8 status)
1802{
1803 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1804}
1805
1806static void hci_cs_create_phylink(struct hci_dev *hdev, u8 status)
1807{
1808 struct hci_cp_create_phy_link *cp;
1809
1810 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1811
1812 cp = hci_sent_cmd_data(hdev, HCI_OP_CREATE_PHY_LINK);
1813 if (!cp)
1814 return;
1815
1816 hci_dev_lock(hdev);
1817
1818 if (status) {
1819 struct hci_conn *hcon;
1820
1821 hcon = hci_conn_hash_lookup_handle(hdev, cp->phy_handle);
1822 if (hcon)
1823 hci_conn_del(hcon);
1824 } else {
1825 amp_write_remote_assoc(hdev, cp->phy_handle);
1826 }
1827
1828 hci_dev_unlock(hdev);
1829}
1830
1831static void hci_cs_accept_phylink(struct hci_dev *hdev, u8 status)
1832{
1833 struct hci_cp_accept_phy_link *cp;
1834
1835 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1836
1837 if (status)
1838 return;
1839
1840 cp = hci_sent_cmd_data(hdev, HCI_OP_ACCEPT_PHY_LINK);
1841 if (!cp)
1842 return;
1843
1844 amp_write_remote_assoc(hdev, cp->phy_handle);
1845}
1846
1847static void hci_cs_create_logical_link(struct hci_dev *hdev, u8 status)
1848{
1849 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1850}
1851
1852static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1853{
1854 __u8 status = *((__u8 *) skb->data);
1855 struct discovery_state *discov = &hdev->discovery;
1856 struct inquiry_entry *e;
1857
1858 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1859
1860 hci_req_complete(hdev, HCI_OP_INQUIRY, status);
1861
1862 hci_conn_check_pending(hdev);
1863
1864 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1865 return;
1866
1867 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1868 return;
1869
1870 hci_dev_lock(hdev);
1871
1872 if (discov->state != DISCOVERY_FINDING)
1873 goto unlock;
1874
1875 if (list_empty(&discov->resolve)) {
1876 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1877 goto unlock;
1878 }
1879
1880 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY, NAME_NEEDED);
1881 if (e && hci_resolve_name(hdev, e) == 0) {
1882 e->name_state = NAME_PENDING;
1883 hci_discovery_set_state(hdev, DISCOVERY_RESOLVING);
1884 } else {
1885 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
1886 }
1887
1888unlock:
1889 hci_dev_unlock(hdev);
1890}
1891
1892static void hci_inquiry_result_evt(struct hci_dev *hdev, struct sk_buff *skb)
1893{
1894 struct inquiry_data data;
1895 struct inquiry_info *info = (void *) (skb->data + 1);
1896 int num_rsp = *((__u8 *) skb->data);
1897
1898 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
1899
1900 if (!num_rsp)
1901 return;
1902
1903 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
1904 return;
1905
1906 hci_dev_lock(hdev);
1907
1908 for (; num_rsp; num_rsp--, info++) {
1909 bool name_known, ssp;
1910
1911 bacpy(&data.bdaddr, &info->bdaddr);
1912 data.pscan_rep_mode = info->pscan_rep_mode;
1913 data.pscan_period_mode = info->pscan_period_mode;
1914 data.pscan_mode = info->pscan_mode;
1915 memcpy(data.dev_class, info->dev_class, 3);
1916 data.clock_offset = info->clock_offset;
1917 data.rssi = 0x00;
1918 data.ssp_mode = 0x00;
1919
1920 name_known = hci_inquiry_cache_update(hdev, &data, false, &ssp);
1921 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
1922 info->dev_class, 0, !name_known, ssp, NULL,
1923 0);
1924 }
1925
1926 hci_dev_unlock(hdev);
1927}
1928
1929static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1930{
1931 struct hci_ev_conn_complete *ev = (void *) skb->data;
1932 struct hci_conn *conn;
1933
1934 BT_DBG("%s", hdev->name);
1935
1936 hci_dev_lock(hdev);
1937
1938 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
1939 if (!conn) {
1940 if (ev->link_type != SCO_LINK)
1941 goto unlock;
1942
1943 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
1944 if (!conn)
1945 goto unlock;
1946
1947 conn->type = SCO_LINK;
1948 }
1949
1950 if (!ev->status) {
1951 conn->handle = __le16_to_cpu(ev->handle);
1952
1953 if (conn->type == ACL_LINK) {
1954 conn->state = BT_CONFIG;
1955 hci_conn_hold(conn);
1956
1957 if (!conn->out && !hci_conn_ssp_enabled(conn) &&
1958 !hci_find_link_key(hdev, &ev->bdaddr))
1959 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
1960 else
1961 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1962 } else
1963 conn->state = BT_CONNECTED;
1964
1965 hci_conn_hold_device(conn);
1966 hci_conn_add_sysfs(conn);
1967
1968 if (test_bit(HCI_AUTH, &hdev->flags))
1969 conn->link_mode |= HCI_LM_AUTH;
1970
1971 if (test_bit(HCI_ENCRYPT, &hdev->flags))
1972 conn->link_mode |= HCI_LM_ENCRYPT;
1973
1974 /* Get remote features */
1975 if (conn->type == ACL_LINK) {
1976 struct hci_cp_read_remote_features cp;
1977 cp.handle = ev->handle;
1978 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_FEATURES,
1979 sizeof(cp), &cp);
1980 }
1981
1982 /* Set packet type for incoming connection */
1983 if (!conn->out && hdev->hci_ver < BLUETOOTH_VER_2_0) {
1984 struct hci_cp_change_conn_ptype cp;
1985 cp.handle = ev->handle;
1986 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1987 hci_send_cmd(hdev, HCI_OP_CHANGE_CONN_PTYPE, sizeof(cp),
1988 &cp);
1989 }
1990 } else {
1991 conn->state = BT_CLOSED;
1992 if (conn->type == ACL_LINK)
1993 mgmt_connect_failed(hdev, &ev->bdaddr, conn->type,
1994 conn->dst_type, ev->status);
1995 }
1996
1997 if (conn->type == ACL_LINK)
1998 hci_sco_setup(conn, ev->status);
1999
2000 if (ev->status) {
2001 hci_proto_connect_cfm(conn, ev->status);
2002 hci_conn_del(conn);
2003 } else if (ev->link_type != ACL_LINK)
2004 hci_proto_connect_cfm(conn, ev->status);
2005
2006unlock:
2007 hci_dev_unlock(hdev);
2008
2009 hci_conn_check_pending(hdev);
2010}
2011
2012static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2013{
2014 struct hci_ev_conn_request *ev = (void *) skb->data;
2015 int mask = hdev->link_mode;
2016
2017 BT_DBG("%s bdaddr %pMR type 0x%x", hdev->name, &ev->bdaddr,
2018 ev->link_type);
2019
2020 mask |= hci_proto_connect_ind(hdev, &ev->bdaddr, ev->link_type);
2021
2022 if ((mask & HCI_LM_ACCEPT) &&
2023 !hci_blacklist_lookup(hdev, &ev->bdaddr)) {
2024 /* Connection accepted */
2025 struct inquiry_entry *ie;
2026 struct hci_conn *conn;
2027
2028 hci_dev_lock(hdev);
2029
2030 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
2031 if (ie)
2032 memcpy(ie->data.dev_class, ev->dev_class, 3);
2033
2034 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type,
2035 &ev->bdaddr);
2036 if (!conn) {
2037 conn = hci_conn_add(hdev, ev->link_type, &ev->bdaddr);
2038 if (!conn) {
2039 BT_ERR("No memory for new connection");
2040 hci_dev_unlock(hdev);
2041 return;
2042 }
2043 }
2044
2045 memcpy(conn->dev_class, ev->dev_class, 3);
2046 conn->state = BT_CONNECT;
2047
2048 hci_dev_unlock(hdev);
2049
2050 if (ev->link_type == ACL_LINK || !lmp_esco_capable(hdev)) {
2051 struct hci_cp_accept_conn_req cp;
2052
2053 bacpy(&cp.bdaddr, &ev->bdaddr);
2054
2055 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
2056 cp.role = 0x00; /* Become master */
2057 else
2058 cp.role = 0x01; /* Remain slave */
2059
2060 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp),
2061 &cp);
2062 } else {
2063 struct hci_cp_accept_sync_conn_req cp;
2064
2065 bacpy(&cp.bdaddr, &ev->bdaddr);
2066 cp.pkt_type = cpu_to_le16(conn->pkt_type);
2067
2068 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2069 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
2070 cp.max_latency = __constant_cpu_to_le16(0xffff);
2071 cp.content_format = cpu_to_le16(hdev->voice_setting);
2072 cp.retrans_effort = 0xff;
2073
2074 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
2075 sizeof(cp), &cp);
2076 }
2077 } else {
2078 /* Connection rejected */
2079 struct hci_cp_reject_conn_req cp;
2080
2081 bacpy(&cp.bdaddr, &ev->bdaddr);
2082 cp.reason = HCI_ERROR_REJ_BAD_ADDR;
2083 hci_send_cmd(hdev, HCI_OP_REJECT_CONN_REQ, sizeof(cp), &cp);
2084 }
2085}
2086
2087static u8 hci_to_mgmt_reason(u8 err)
2088{
2089 switch (err) {
2090 case HCI_ERROR_CONNECTION_TIMEOUT:
2091 return MGMT_DEV_DISCONN_TIMEOUT;
2092 case HCI_ERROR_REMOTE_USER_TERM:
2093 case HCI_ERROR_REMOTE_LOW_RESOURCES:
2094 case HCI_ERROR_REMOTE_POWER_OFF:
2095 return MGMT_DEV_DISCONN_REMOTE;
2096 case HCI_ERROR_LOCAL_HOST_TERM:
2097 return MGMT_DEV_DISCONN_LOCAL_HOST;
2098 default:
2099 return MGMT_DEV_DISCONN_UNKNOWN;
2100 }
2101}
2102
2103static void hci_disconn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2104{
2105 struct hci_ev_disconn_complete *ev = (void *) skb->data;
2106 struct hci_conn *conn;
2107
2108 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2109
2110 hci_dev_lock(hdev);
2111
2112 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2113 if (!conn)
2114 goto unlock;
2115
2116 if (ev->status == 0)
2117 conn->state = BT_CLOSED;
2118
2119 if (test_and_clear_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags) &&
2120 (conn->type == ACL_LINK || conn->type == LE_LINK)) {
2121 if (ev->status) {
2122 mgmt_disconnect_failed(hdev, &conn->dst, conn->type,
2123 conn->dst_type, ev->status);
2124 } else {
2125 u8 reason = hci_to_mgmt_reason(ev->reason);
2126
2127 mgmt_device_disconnected(hdev, &conn->dst, conn->type,
2128 conn->dst_type, reason);
2129 }
2130 }
2131
2132 if (ev->status == 0) {
2133 if (conn->type == ACL_LINK && conn->flush_key)
2134 hci_remove_link_key(hdev, &conn->dst);
2135 hci_proto_disconn_cfm(conn, ev->reason);
2136 hci_conn_del(conn);
2137 }
2138
2139unlock:
2140 hci_dev_unlock(hdev);
2141}
2142
2143static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2144{
2145 struct hci_ev_auth_complete *ev = (void *) skb->data;
2146 struct hci_conn *conn;
2147
2148 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2149
2150 hci_dev_lock(hdev);
2151
2152 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2153 if (!conn)
2154 goto unlock;
2155
2156 if (!ev->status) {
2157 if (!hci_conn_ssp_enabled(conn) &&
2158 test_bit(HCI_CONN_REAUTH_PEND, &conn->flags)) {
2159 BT_INFO("re-auth of legacy device is not possible.");
2160 } else {
2161 conn->link_mode |= HCI_LM_AUTH;
2162 conn->sec_level = conn->pending_sec_level;
2163 }
2164 } else {
2165 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
2166 ev->status);
2167 }
2168
2169 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2170 clear_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
2171
2172 if (conn->state == BT_CONFIG) {
2173 if (!ev->status && hci_conn_ssp_enabled(conn)) {
2174 struct hci_cp_set_conn_encrypt cp;
2175 cp.handle = ev->handle;
2176 cp.encrypt = 0x01;
2177 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2178 &cp);
2179 } else {
2180 conn->state = BT_CONNECTED;
2181 hci_proto_connect_cfm(conn, ev->status);
2182 hci_conn_put(conn);
2183 }
2184 } else {
2185 hci_auth_cfm(conn, ev->status);
2186
2187 hci_conn_hold(conn);
2188 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
2189 hci_conn_put(conn);
2190 }
2191
2192 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
2193 if (!ev->status) {
2194 struct hci_cp_set_conn_encrypt cp;
2195 cp.handle = ev->handle;
2196 cp.encrypt = 0x01;
2197 hci_send_cmd(hdev, HCI_OP_SET_CONN_ENCRYPT, sizeof(cp),
2198 &cp);
2199 } else {
2200 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2201 hci_encrypt_cfm(conn, ev->status, 0x00);
2202 }
2203 }
2204
2205unlock:
2206 hci_dev_unlock(hdev);
2207}
2208
2209static void hci_remote_name_evt(struct hci_dev *hdev, struct sk_buff *skb)
2210{
2211 struct hci_ev_remote_name *ev = (void *) skb->data;
2212 struct hci_conn *conn;
2213
2214 BT_DBG("%s", hdev->name);
2215
2216 hci_conn_check_pending(hdev);
2217
2218 hci_dev_lock(hdev);
2219
2220 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2221
2222 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
2223 goto check_auth;
2224
2225 if (ev->status == 0)
2226 hci_check_pending_name(hdev, conn, &ev->bdaddr, ev->name,
2227 strnlen(ev->name, HCI_MAX_NAME_LENGTH));
2228 else
2229 hci_check_pending_name(hdev, conn, &ev->bdaddr, NULL, 0);
2230
2231check_auth:
2232 if (!conn)
2233 goto unlock;
2234
2235 if (!hci_outgoing_auth_needed(hdev, conn))
2236 goto unlock;
2237
2238 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
2239 struct hci_cp_auth_requested cp;
2240 cp.handle = __cpu_to_le16(conn->handle);
2241 hci_send_cmd(hdev, HCI_OP_AUTH_REQUESTED, sizeof(cp), &cp);
2242 }
2243
2244unlock:
2245 hci_dev_unlock(hdev);
2246}
2247
2248static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2249{
2250 struct hci_ev_encrypt_change *ev = (void *) skb->data;
2251 struct hci_conn *conn;
2252
2253 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2254
2255 hci_dev_lock(hdev);
2256
2257 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2258 if (conn) {
2259 if (!ev->status) {
2260 if (ev->encrypt) {
2261 /* Encryption implies authentication */
2262 conn->link_mode |= HCI_LM_AUTH;
2263 conn->link_mode |= HCI_LM_ENCRYPT;
2264 conn->sec_level = conn->pending_sec_level;
2265 } else
2266 conn->link_mode &= ~HCI_LM_ENCRYPT;
2267 }
2268
2269 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
2270
2271 if (ev->status && conn->state == BT_CONNECTED) {
2272 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
2273 hci_conn_put(conn);
2274 goto unlock;
2275 }
2276
2277 if (conn->state == BT_CONFIG) {
2278 if (!ev->status)
2279 conn->state = BT_CONNECTED;
2280
2281 hci_proto_connect_cfm(conn, ev->status);
2282 hci_conn_put(conn);
2283 } else
2284 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2285 }
2286
2287unlock:
2288 hci_dev_unlock(hdev);
2289}
2290
2291static void hci_change_link_key_complete_evt(struct hci_dev *hdev,
2292 struct sk_buff *skb)
2293{
2294 struct hci_ev_change_link_key_complete *ev = (void *) skb->data;
2295 struct hci_conn *conn;
2296
2297 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2298
2299 hci_dev_lock(hdev);
2300
2301 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2302 if (conn) {
2303 if (!ev->status)
2304 conn->link_mode |= HCI_LM_SECURE;
2305
2306 clear_bit(HCI_CONN_AUTH_PEND, &conn->flags);
2307
2308 hci_key_change_cfm(conn, ev->status);
2309 }
2310
2311 hci_dev_unlock(hdev);
2312}
2313
2314static void hci_remote_features_evt(struct hci_dev *hdev,
2315 struct sk_buff *skb)
2316{
2317 struct hci_ev_remote_features *ev = (void *) skb->data;
2318 struct hci_conn *conn;
2319
2320 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2321
2322 hci_dev_lock(hdev);
2323
2324 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2325 if (!conn)
2326 goto unlock;
2327
2328 if (!ev->status)
2329 memcpy(conn->features, ev->features, 8);
2330
2331 if (conn->state != BT_CONFIG)
2332 goto unlock;
2333
2334 if (!ev->status && lmp_ssp_capable(hdev) && lmp_ssp_capable(conn)) {
2335 struct hci_cp_read_remote_ext_features cp;
2336 cp.handle = ev->handle;
2337 cp.page = 0x01;
2338 hci_send_cmd(hdev, HCI_OP_READ_REMOTE_EXT_FEATURES,
2339 sizeof(cp), &cp);
2340 goto unlock;
2341 }
2342
2343 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
2344 struct hci_cp_remote_name_req cp;
2345 memset(&cp, 0, sizeof(cp));
2346 bacpy(&cp.bdaddr, &conn->dst);
2347 cp.pscan_rep_mode = 0x02;
2348 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
2349 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
2350 mgmt_device_connected(hdev, &conn->dst, conn->type,
2351 conn->dst_type, 0, NULL, 0,
2352 conn->dev_class);
2353
2354 if (!hci_outgoing_auth_needed(hdev, conn)) {
2355 conn->state = BT_CONNECTED;
2356 hci_proto_connect_cfm(conn, ev->status);
2357 hci_conn_put(conn);
2358 }
2359
2360unlock:
2361 hci_dev_unlock(hdev);
2362}
2363
2364static void hci_remote_version_evt(struct hci_dev *hdev, struct sk_buff *skb)
2365{
2366 BT_DBG("%s", hdev->name);
2367}
2368
2369static void hci_qos_setup_complete_evt(struct hci_dev *hdev,
2370 struct sk_buff *skb)
2371{
2372 BT_DBG("%s", hdev->name);
2373}
2374
2375static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
2376{
2377 struct hci_ev_cmd_complete *ev = (void *) skb->data;
2378 __u16 opcode;
2379
2380 skb_pull(skb, sizeof(*ev));
2381
2382 opcode = __le16_to_cpu(ev->opcode);
2383
2384 switch (opcode) {
2385 case HCI_OP_INQUIRY_CANCEL:
2386 hci_cc_inquiry_cancel(hdev, skb);
2387 break;
2388
2389 case HCI_OP_PERIODIC_INQ:
2390 hci_cc_periodic_inq(hdev, skb);
2391 break;
2392
2393 case HCI_OP_EXIT_PERIODIC_INQ:
2394 hci_cc_exit_periodic_inq(hdev, skb);
2395 break;
2396
2397 case HCI_OP_REMOTE_NAME_REQ_CANCEL:
2398 hci_cc_remote_name_req_cancel(hdev, skb);
2399 break;
2400
2401 case HCI_OP_ROLE_DISCOVERY:
2402 hci_cc_role_discovery(hdev, skb);
2403 break;
2404
2405 case HCI_OP_READ_LINK_POLICY:
2406 hci_cc_read_link_policy(hdev, skb);
2407 break;
2408
2409 case HCI_OP_WRITE_LINK_POLICY:
2410 hci_cc_write_link_policy(hdev, skb);
2411 break;
2412
2413 case HCI_OP_READ_DEF_LINK_POLICY:
2414 hci_cc_read_def_link_policy(hdev, skb);
2415 break;
2416
2417 case HCI_OP_WRITE_DEF_LINK_POLICY:
2418 hci_cc_write_def_link_policy(hdev, skb);
2419 break;
2420
2421 case HCI_OP_RESET:
2422 hci_cc_reset(hdev, skb);
2423 break;
2424
2425 case HCI_OP_WRITE_LOCAL_NAME:
2426 hci_cc_write_local_name(hdev, skb);
2427 break;
2428
2429 case HCI_OP_READ_LOCAL_NAME:
2430 hci_cc_read_local_name(hdev, skb);
2431 break;
2432
2433 case HCI_OP_WRITE_AUTH_ENABLE:
2434 hci_cc_write_auth_enable(hdev, skb);
2435 break;
2436
2437 case HCI_OP_WRITE_ENCRYPT_MODE:
2438 hci_cc_write_encrypt_mode(hdev, skb);
2439 break;
2440
2441 case HCI_OP_WRITE_SCAN_ENABLE:
2442 hci_cc_write_scan_enable(hdev, skb);
2443 break;
2444
2445 case HCI_OP_READ_CLASS_OF_DEV:
2446 hci_cc_read_class_of_dev(hdev, skb);
2447 break;
2448
2449 case HCI_OP_WRITE_CLASS_OF_DEV:
2450 hci_cc_write_class_of_dev(hdev, skb);
2451 break;
2452
2453 case HCI_OP_READ_VOICE_SETTING:
2454 hci_cc_read_voice_setting(hdev, skb);
2455 break;
2456
2457 case HCI_OP_WRITE_VOICE_SETTING:
2458 hci_cc_write_voice_setting(hdev, skb);
2459 break;
2460
2461 case HCI_OP_HOST_BUFFER_SIZE:
2462 hci_cc_host_buffer_size(hdev, skb);
2463 break;
2464
2465 case HCI_OP_WRITE_SSP_MODE:
2466 hci_cc_write_ssp_mode(hdev, skb);
2467 break;
2468
2469 case HCI_OP_READ_LOCAL_VERSION:
2470 hci_cc_read_local_version(hdev, skb);
2471 break;
2472
2473 case HCI_OP_READ_LOCAL_COMMANDS:
2474 hci_cc_read_local_commands(hdev, skb);
2475 break;
2476
2477 case HCI_OP_READ_LOCAL_FEATURES:
2478 hci_cc_read_local_features(hdev, skb);
2479 break;
2480
2481 case HCI_OP_READ_LOCAL_EXT_FEATURES:
2482 hci_cc_read_local_ext_features(hdev, skb);
2483 break;
2484
2485 case HCI_OP_READ_BUFFER_SIZE:
2486 hci_cc_read_buffer_size(hdev, skb);
2487 break;
2488
2489 case HCI_OP_READ_BD_ADDR:
2490 hci_cc_read_bd_addr(hdev, skb);
2491 break;
2492
2493 case HCI_OP_READ_DATA_BLOCK_SIZE:
2494 hci_cc_read_data_block_size(hdev, skb);
2495 break;
2496
2497 case HCI_OP_WRITE_CA_TIMEOUT:
2498 hci_cc_write_ca_timeout(hdev, skb);
2499 break;
2500
2501 case HCI_OP_READ_FLOW_CONTROL_MODE:
2502 hci_cc_read_flow_control_mode(hdev, skb);
2503 break;
2504
2505 case HCI_OP_READ_LOCAL_AMP_INFO:
2506 hci_cc_read_local_amp_info(hdev, skb);
2507 break;
2508
2509 case HCI_OP_READ_LOCAL_AMP_ASSOC:
2510 hci_cc_read_local_amp_assoc(hdev, skb);
2511 break;
2512
2513 case HCI_OP_DELETE_STORED_LINK_KEY:
2514 hci_cc_delete_stored_link_key(hdev, skb);
2515 break;
2516
2517 case HCI_OP_SET_EVENT_MASK:
2518 hci_cc_set_event_mask(hdev, skb);
2519 break;
2520
2521 case HCI_OP_WRITE_INQUIRY_MODE:
2522 hci_cc_write_inquiry_mode(hdev, skb);
2523 break;
2524
2525 case HCI_OP_READ_INQ_RSP_TX_POWER:
2526 hci_cc_read_inq_rsp_tx_power(hdev, skb);
2527 break;
2528
2529 case HCI_OP_SET_EVENT_FLT:
2530 hci_cc_set_event_flt(hdev, skb);
2531 break;
2532
2533 case HCI_OP_PIN_CODE_REPLY:
2534 hci_cc_pin_code_reply(hdev, skb);
2535 break;
2536
2537 case HCI_OP_PIN_CODE_NEG_REPLY:
2538 hci_cc_pin_code_neg_reply(hdev, skb);
2539 break;
2540
2541 case HCI_OP_READ_LOCAL_OOB_DATA:
2542 hci_cc_read_local_oob_data_reply(hdev, skb);
2543 break;
2544
2545 case HCI_OP_LE_READ_BUFFER_SIZE:
2546 hci_cc_le_read_buffer_size(hdev, skb);
2547 break;
2548
2549 case HCI_OP_LE_READ_ADV_TX_POWER:
2550 hci_cc_le_read_adv_tx_power(hdev, skb);
2551 break;
2552
2553 case HCI_OP_LE_SET_EVENT_MASK:
2554 hci_cc_le_set_event_mask(hdev, skb);
2555 break;
2556
2557 case HCI_OP_USER_CONFIRM_REPLY:
2558 hci_cc_user_confirm_reply(hdev, skb);
2559 break;
2560
2561 case HCI_OP_USER_CONFIRM_NEG_REPLY:
2562 hci_cc_user_confirm_neg_reply(hdev, skb);
2563 break;
2564
2565 case HCI_OP_USER_PASSKEY_REPLY:
2566 hci_cc_user_passkey_reply(hdev, skb);
2567 break;
2568
2569 case HCI_OP_USER_PASSKEY_NEG_REPLY:
2570 hci_cc_user_passkey_neg_reply(hdev, skb);
2571 break;
2572
2573 case HCI_OP_LE_SET_SCAN_PARAM:
2574 hci_cc_le_set_scan_param(hdev, skb);
2575 break;
2576
2577 case HCI_OP_LE_SET_SCAN_ENABLE:
2578 hci_cc_le_set_scan_enable(hdev, skb);
2579 break;
2580
2581 case HCI_OP_LE_LTK_REPLY:
2582 hci_cc_le_ltk_reply(hdev, skb);
2583 break;
2584
2585 case HCI_OP_LE_LTK_NEG_REPLY:
2586 hci_cc_le_ltk_neg_reply(hdev, skb);
2587 break;
2588
2589 case HCI_OP_WRITE_LE_HOST_SUPPORTED:
2590 hci_cc_write_le_host_supported(hdev, skb);
2591 break;
2592
2593 case HCI_OP_WRITE_REMOTE_AMP_ASSOC:
2594 hci_cc_write_remote_amp_assoc(hdev, skb);
2595 break;
2596
2597 default:
2598 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2599 break;
2600 }
2601
2602 if (ev->opcode != HCI_OP_NOP)
2603 del_timer(&hdev->cmd_timer);
2604
2605 if (ev->ncmd) {
2606 atomic_set(&hdev->cmd_cnt, 1);
2607 if (!skb_queue_empty(&hdev->cmd_q))
2608 queue_work(hdev->workqueue, &hdev->cmd_work);
2609 }
2610}
2611
2612static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2613{
2614 struct hci_ev_cmd_status *ev = (void *) skb->data;
2615 __u16 opcode;
2616
2617 skb_pull(skb, sizeof(*ev));
2618
2619 opcode = __le16_to_cpu(ev->opcode);
2620
2621 switch (opcode) {
2622 case HCI_OP_INQUIRY:
2623 hci_cs_inquiry(hdev, ev->status);
2624 break;
2625
2626 case HCI_OP_CREATE_CONN:
2627 hci_cs_create_conn(hdev, ev->status);
2628 break;
2629
2630 case HCI_OP_ADD_SCO:
2631 hci_cs_add_sco(hdev, ev->status);
2632 break;
2633
2634 case HCI_OP_AUTH_REQUESTED:
2635 hci_cs_auth_requested(hdev, ev->status);
2636 break;
2637
2638 case HCI_OP_SET_CONN_ENCRYPT:
2639 hci_cs_set_conn_encrypt(hdev, ev->status);
2640 break;
2641
2642 case HCI_OP_REMOTE_NAME_REQ:
2643 hci_cs_remote_name_req(hdev, ev->status);
2644 break;
2645
2646 case HCI_OP_READ_REMOTE_FEATURES:
2647 hci_cs_read_remote_features(hdev, ev->status);
2648 break;
2649
2650 case HCI_OP_READ_REMOTE_EXT_FEATURES:
2651 hci_cs_read_remote_ext_features(hdev, ev->status);
2652 break;
2653
2654 case HCI_OP_SETUP_SYNC_CONN:
2655 hci_cs_setup_sync_conn(hdev, ev->status);
2656 break;
2657
2658 case HCI_OP_SNIFF_MODE:
2659 hci_cs_sniff_mode(hdev, ev->status);
2660 break;
2661
2662 case HCI_OP_EXIT_SNIFF_MODE:
2663 hci_cs_exit_sniff_mode(hdev, ev->status);
2664 break;
2665
2666 case HCI_OP_DISCONNECT:
2667 hci_cs_disconnect(hdev, ev->status);
2668 break;
2669
2670 case HCI_OP_LE_CREATE_CONN:
2671 hci_cs_le_create_conn(hdev, ev->status);
2672 break;
2673
2674 case HCI_OP_LE_START_ENC:
2675 hci_cs_le_start_enc(hdev, ev->status);
2676 break;
2677
2678 case HCI_OP_CREATE_PHY_LINK:
2679 hci_cs_create_phylink(hdev, ev->status);
2680 break;
2681
2682 case HCI_OP_ACCEPT_PHY_LINK:
2683 hci_cs_accept_phylink(hdev, ev->status);
2684 break;
2685
2686 case HCI_OP_CREATE_LOGICAL_LINK:
2687 hci_cs_create_logical_link(hdev, ev->status);
2688 break;
2689
2690 default:
2691 BT_DBG("%s opcode 0x%4.4x", hdev->name, opcode);
2692 break;
2693 }
2694
2695 if (ev->opcode != HCI_OP_NOP)
2696 del_timer(&hdev->cmd_timer);
2697
2698 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2699 atomic_set(&hdev->cmd_cnt, 1);
2700 if (!skb_queue_empty(&hdev->cmd_q))
2701 queue_work(hdev->workqueue, &hdev->cmd_work);
2702 }
2703}
2704
2705static void hci_role_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2706{
2707 struct hci_ev_role_change *ev = (void *) skb->data;
2708 struct hci_conn *conn;
2709
2710 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2711
2712 hci_dev_lock(hdev);
2713
2714 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2715 if (conn) {
2716 if (!ev->status) {
2717 if (ev->role)
2718 conn->link_mode &= ~HCI_LM_MASTER;
2719 else
2720 conn->link_mode |= HCI_LM_MASTER;
2721 }
2722
2723 clear_bit(HCI_CONN_RSWITCH_PEND, &conn->flags);
2724
2725 hci_role_switch_cfm(conn, ev->status, ev->role);
2726 }
2727
2728 hci_dev_unlock(hdev);
2729}
2730
2731static void hci_num_comp_pkts_evt(struct hci_dev *hdev, struct sk_buff *skb)
2732{
2733 struct hci_ev_num_comp_pkts *ev = (void *) skb->data;
2734 int i;
2735
2736 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_PACKET_BASED) {
2737 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2738 return;
2739 }
2740
2741 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2742 ev->num_hndl * sizeof(struct hci_comp_pkts_info)) {
2743 BT_DBG("%s bad parameters", hdev->name);
2744 return;
2745 }
2746
2747 BT_DBG("%s num_hndl %d", hdev->name, ev->num_hndl);
2748
2749 for (i = 0; i < ev->num_hndl; i++) {
2750 struct hci_comp_pkts_info *info = &ev->handles[i];
2751 struct hci_conn *conn;
2752 __u16 handle, count;
2753
2754 handle = __le16_to_cpu(info->handle);
2755 count = __le16_to_cpu(info->count);
2756
2757 conn = hci_conn_hash_lookup_handle(hdev, handle);
2758 if (!conn)
2759 continue;
2760
2761 conn->sent -= count;
2762
2763 switch (conn->type) {
2764 case ACL_LINK:
2765 hdev->acl_cnt += count;
2766 if (hdev->acl_cnt > hdev->acl_pkts)
2767 hdev->acl_cnt = hdev->acl_pkts;
2768 break;
2769
2770 case LE_LINK:
2771 if (hdev->le_pkts) {
2772 hdev->le_cnt += count;
2773 if (hdev->le_cnt > hdev->le_pkts)
2774 hdev->le_cnt = hdev->le_pkts;
2775 } else {
2776 hdev->acl_cnt += count;
2777 if (hdev->acl_cnt > hdev->acl_pkts)
2778 hdev->acl_cnt = hdev->acl_pkts;
2779 }
2780 break;
2781
2782 case SCO_LINK:
2783 hdev->sco_cnt += count;
2784 if (hdev->sco_cnt > hdev->sco_pkts)
2785 hdev->sco_cnt = hdev->sco_pkts;
2786 break;
2787
2788 default:
2789 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2790 break;
2791 }
2792 }
2793
2794 queue_work(hdev->workqueue, &hdev->tx_work);
2795}
2796
2797static struct hci_conn *__hci_conn_lookup_handle(struct hci_dev *hdev,
2798 __u16 handle)
2799{
2800 struct hci_chan *chan;
2801
2802 switch (hdev->dev_type) {
2803 case HCI_BREDR:
2804 return hci_conn_hash_lookup_handle(hdev, handle);
2805 case HCI_AMP:
2806 chan = hci_chan_lookup_handle(hdev, handle);
2807 if (chan)
2808 return chan->conn;
2809 break;
2810 default:
2811 BT_ERR("%s unknown dev_type %d", hdev->name, hdev->dev_type);
2812 break;
2813 }
2814
2815 return NULL;
2816}
2817
2818static void hci_num_comp_blocks_evt(struct hci_dev *hdev, struct sk_buff *skb)
2819{
2820 struct hci_ev_num_comp_blocks *ev = (void *) skb->data;
2821 int i;
2822
2823 if (hdev->flow_ctl_mode != HCI_FLOW_CTL_MODE_BLOCK_BASED) {
2824 BT_ERR("Wrong event for mode %d", hdev->flow_ctl_mode);
2825 return;
2826 }
2827
2828 if (skb->len < sizeof(*ev) || skb->len < sizeof(*ev) +
2829 ev->num_hndl * sizeof(struct hci_comp_blocks_info)) {
2830 BT_DBG("%s bad parameters", hdev->name);
2831 return;
2832 }
2833
2834 BT_DBG("%s num_blocks %d num_hndl %d", hdev->name, ev->num_blocks,
2835 ev->num_hndl);
2836
2837 for (i = 0; i < ev->num_hndl; i++) {
2838 struct hci_comp_blocks_info *info = &ev->handles[i];
2839 struct hci_conn *conn = NULL;
2840 __u16 handle, block_count;
2841
2842 handle = __le16_to_cpu(info->handle);
2843 block_count = __le16_to_cpu(info->blocks);
2844
2845 conn = __hci_conn_lookup_handle(hdev, handle);
2846 if (!conn)
2847 continue;
2848
2849 conn->sent -= block_count;
2850
2851 switch (conn->type) {
2852 case ACL_LINK:
2853 case AMP_LINK:
2854 hdev->block_cnt += block_count;
2855 if (hdev->block_cnt > hdev->num_blocks)
2856 hdev->block_cnt = hdev->num_blocks;
2857 break;
2858
2859 default:
2860 BT_ERR("Unknown type %d conn %p", conn->type, conn);
2861 break;
2862 }
2863 }
2864
2865 queue_work(hdev->workqueue, &hdev->tx_work);
2866}
2867
2868static void hci_mode_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2869{
2870 struct hci_ev_mode_change *ev = (void *) skb->data;
2871 struct hci_conn *conn;
2872
2873 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
2874
2875 hci_dev_lock(hdev);
2876
2877 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
2878 if (conn) {
2879 conn->mode = ev->mode;
2880 conn->interval = __le16_to_cpu(ev->interval);
2881
2882 if (!test_and_clear_bit(HCI_CONN_MODE_CHANGE_PEND,
2883 &conn->flags)) {
2884 if (conn->mode == HCI_CM_ACTIVE)
2885 set_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2886 else
2887 clear_bit(HCI_CONN_POWER_SAVE, &conn->flags);
2888 }
2889
2890 if (test_and_clear_bit(HCI_CONN_SCO_SETUP_PEND, &conn->flags))
2891 hci_sco_setup(conn, ev->status);
2892 }
2893
2894 hci_dev_unlock(hdev);
2895}
2896
2897static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2898{
2899 struct hci_ev_pin_code_req *ev = (void *) skb->data;
2900 struct hci_conn *conn;
2901
2902 BT_DBG("%s", hdev->name);
2903
2904 hci_dev_lock(hdev);
2905
2906 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2907 if (!conn)
2908 goto unlock;
2909
2910 if (conn->state == BT_CONNECTED) {
2911 hci_conn_hold(conn);
2912 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2913 hci_conn_put(conn);
2914 }
2915
2916 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
2917 hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
2918 sizeof(ev->bdaddr), &ev->bdaddr);
2919 else if (test_bit(HCI_MGMT, &hdev->dev_flags)) {
2920 u8 secure;
2921
2922 if (conn->pending_sec_level == BT_SECURITY_HIGH)
2923 secure = 1;
2924 else
2925 secure = 0;
2926
2927 mgmt_pin_code_request(hdev, &ev->bdaddr, secure);
2928 }
2929
2930unlock:
2931 hci_dev_unlock(hdev);
2932}
2933
2934static void hci_link_key_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2935{
2936 struct hci_ev_link_key_req *ev = (void *) skb->data;
2937 struct hci_cp_link_key_reply cp;
2938 struct hci_conn *conn;
2939 struct link_key *key;
2940
2941 BT_DBG("%s", hdev->name);
2942
2943 if (!test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
2944 return;
2945
2946 hci_dev_lock(hdev);
2947
2948 key = hci_find_link_key(hdev, &ev->bdaddr);
2949 if (!key) {
2950 BT_DBG("%s link key not found for %pMR", hdev->name,
2951 &ev->bdaddr);
2952 goto not_found;
2953 }
2954
2955 BT_DBG("%s found key type %u for %pMR", hdev->name, key->type,
2956 &ev->bdaddr);
2957
2958 if (!test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags) &&
2959 key->type == HCI_LK_DEBUG_COMBINATION) {
2960 BT_DBG("%s ignoring debug key", hdev->name);
2961 goto not_found;
2962 }
2963
2964 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
2965 if (conn) {
2966 if (key->type == HCI_LK_UNAUTH_COMBINATION &&
2967 conn->auth_type != 0xff && (conn->auth_type & 0x01)) {
2968 BT_DBG("%s ignoring unauthenticated key", hdev->name);
2969 goto not_found;
2970 }
2971
2972 if (key->type == HCI_LK_COMBINATION && key->pin_len < 16 &&
2973 conn->pending_sec_level == BT_SECURITY_HIGH) {
2974 BT_DBG("%s ignoring key unauthenticated for high security",
2975 hdev->name);
2976 goto not_found;
2977 }
2978
2979 conn->key_type = key->type;
2980 conn->pin_length = key->pin_len;
2981 }
2982
2983 bacpy(&cp.bdaddr, &ev->bdaddr);
2984 memcpy(cp.link_key, key->val, HCI_LINK_KEY_SIZE);
2985
2986 hci_send_cmd(hdev, HCI_OP_LINK_KEY_REPLY, sizeof(cp), &cp);
2987
2988 hci_dev_unlock(hdev);
2989
2990 return;
2991
2992not_found:
2993 hci_send_cmd(hdev, HCI_OP_LINK_KEY_NEG_REPLY, 6, &ev->bdaddr);
2994 hci_dev_unlock(hdev);
2995}
2996
2997static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2998{
2999 struct hci_ev_link_key_notify *ev = (void *) skb->data;
3000 struct hci_conn *conn;
3001 u8 pin_len = 0;
3002
3003 BT_DBG("%s", hdev->name);
3004
3005 hci_dev_lock(hdev);
3006
3007 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3008 if (conn) {
3009 hci_conn_hold(conn);
3010 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3011 pin_len = conn->pin_length;
3012
3013 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
3014 conn->key_type = ev->key_type;
3015
3016 hci_conn_put(conn);
3017 }
3018
3019 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
3020 hci_add_link_key(hdev, conn, 1, &ev->bdaddr, ev->link_key,
3021 ev->key_type, pin_len);
3022
3023 hci_dev_unlock(hdev);
3024}
3025
3026static void hci_clock_offset_evt(struct hci_dev *hdev, struct sk_buff *skb)
3027{
3028 struct hci_ev_clock_offset *ev = (void *) skb->data;
3029 struct hci_conn *conn;
3030
3031 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3032
3033 hci_dev_lock(hdev);
3034
3035 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3036 if (conn && !ev->status) {
3037 struct inquiry_entry *ie;
3038
3039 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3040 if (ie) {
3041 ie->data.clock_offset = ev->clock_offset;
3042 ie->timestamp = jiffies;
3043 }
3044 }
3045
3046 hci_dev_unlock(hdev);
3047}
3048
3049static void hci_pkt_type_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
3050{
3051 struct hci_ev_pkt_type_change *ev = (void *) skb->data;
3052 struct hci_conn *conn;
3053
3054 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3055
3056 hci_dev_lock(hdev);
3057
3058 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3059 if (conn && !ev->status)
3060 conn->pkt_type = __le16_to_cpu(ev->pkt_type);
3061
3062 hci_dev_unlock(hdev);
3063}
3064
3065static void hci_pscan_rep_mode_evt(struct hci_dev *hdev, struct sk_buff *skb)
3066{
3067 struct hci_ev_pscan_rep_mode *ev = (void *) skb->data;
3068 struct inquiry_entry *ie;
3069
3070 BT_DBG("%s", hdev->name);
3071
3072 hci_dev_lock(hdev);
3073
3074 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3075 if (ie) {
3076 ie->data.pscan_rep_mode = ev->pscan_rep_mode;
3077 ie->timestamp = jiffies;
3078 }
3079
3080 hci_dev_unlock(hdev);
3081}
3082
3083static void hci_inquiry_result_with_rssi_evt(struct hci_dev *hdev,
3084 struct sk_buff *skb)
3085{
3086 struct inquiry_data data;
3087 int num_rsp = *((__u8 *) skb->data);
3088 bool name_known, ssp;
3089
3090 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3091
3092 if (!num_rsp)
3093 return;
3094
3095 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3096 return;
3097
3098 hci_dev_lock(hdev);
3099
3100 if ((skb->len - 1) / num_rsp != sizeof(struct inquiry_info_with_rssi)) {
3101 struct inquiry_info_with_rssi_and_pscan_mode *info;
3102 info = (void *) (skb->data + 1);
3103
3104 for (; num_rsp; num_rsp--, info++) {
3105 bacpy(&data.bdaddr, &info->bdaddr);
3106 data.pscan_rep_mode = info->pscan_rep_mode;
3107 data.pscan_period_mode = info->pscan_period_mode;
3108 data.pscan_mode = info->pscan_mode;
3109 memcpy(data.dev_class, info->dev_class, 3);
3110 data.clock_offset = info->clock_offset;
3111 data.rssi = info->rssi;
3112 data.ssp_mode = 0x00;
3113
3114 name_known = hci_inquiry_cache_update(hdev, &data,
3115 false, &ssp);
3116 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3117 info->dev_class, info->rssi,
3118 !name_known, ssp, NULL, 0);
3119 }
3120 } else {
3121 struct inquiry_info_with_rssi *info = (void *) (skb->data + 1);
3122
3123 for (; num_rsp; num_rsp--, info++) {
3124 bacpy(&data.bdaddr, &info->bdaddr);
3125 data.pscan_rep_mode = info->pscan_rep_mode;
3126 data.pscan_period_mode = info->pscan_period_mode;
3127 data.pscan_mode = 0x00;
3128 memcpy(data.dev_class, info->dev_class, 3);
3129 data.clock_offset = info->clock_offset;
3130 data.rssi = info->rssi;
3131 data.ssp_mode = 0x00;
3132 name_known = hci_inquiry_cache_update(hdev, &data,
3133 false, &ssp);
3134 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3135 info->dev_class, info->rssi,
3136 !name_known, ssp, NULL, 0);
3137 }
3138 }
3139
3140 hci_dev_unlock(hdev);
3141}
3142
3143static void hci_remote_ext_features_evt(struct hci_dev *hdev,
3144 struct sk_buff *skb)
3145{
3146 struct hci_ev_remote_ext_features *ev = (void *) skb->data;
3147 struct hci_conn *conn;
3148
3149 BT_DBG("%s", hdev->name);
3150
3151 hci_dev_lock(hdev);
3152
3153 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3154 if (!conn)
3155 goto unlock;
3156
3157 if (!ev->status && ev->page == 0x01) {
3158 struct inquiry_entry *ie;
3159
3160 ie = hci_inquiry_cache_lookup(hdev, &conn->dst);
3161 if (ie)
3162 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3163
3164 if (ev->features[0] & LMP_HOST_SSP)
3165 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
3166 }
3167
3168 if (conn->state != BT_CONFIG)
3169 goto unlock;
3170
3171 if (!ev->status && !test_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags)) {
3172 struct hci_cp_remote_name_req cp;
3173 memset(&cp, 0, sizeof(cp));
3174 bacpy(&cp.bdaddr, &conn->dst);
3175 cp.pscan_rep_mode = 0x02;
3176 hci_send_cmd(hdev, HCI_OP_REMOTE_NAME_REQ, sizeof(cp), &cp);
3177 } else if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3178 mgmt_device_connected(hdev, &conn->dst, conn->type,
3179 conn->dst_type, 0, NULL, 0,
3180 conn->dev_class);
3181
3182 if (!hci_outgoing_auth_needed(hdev, conn)) {
3183 conn->state = BT_CONNECTED;
3184 hci_proto_connect_cfm(conn, ev->status);
3185 hci_conn_put(conn);
3186 }
3187
3188unlock:
3189 hci_dev_unlock(hdev);
3190}
3191
3192static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
3193 struct sk_buff *skb)
3194{
3195 struct hci_ev_sync_conn_complete *ev = (void *) skb->data;
3196 struct hci_conn *conn;
3197
3198 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3199
3200 hci_dev_lock(hdev);
3201
3202 conn = hci_conn_hash_lookup_ba(hdev, ev->link_type, &ev->bdaddr);
3203 if (!conn) {
3204 if (ev->link_type == ESCO_LINK)
3205 goto unlock;
3206
3207 conn = hci_conn_hash_lookup_ba(hdev, ESCO_LINK, &ev->bdaddr);
3208 if (!conn)
3209 goto unlock;
3210
3211 conn->type = SCO_LINK;
3212 }
3213
3214 switch (ev->status) {
3215 case 0x00:
3216 conn->handle = __le16_to_cpu(ev->handle);
3217 conn->state = BT_CONNECTED;
3218
3219 hci_conn_hold_device(conn);
3220 hci_conn_add_sysfs(conn);
3221 break;
3222
3223 case 0x11: /* Unsupported Feature or Parameter Value */
3224 case 0x1c: /* SCO interval rejected */
3225 case 0x1a: /* Unsupported Remote Feature */
3226 case 0x1f: /* Unspecified error */
3227 if (conn->out && conn->attempt < 2) {
3228 conn->pkt_type = (hdev->esco_type & SCO_ESCO_MASK) |
3229 (hdev->esco_type & EDR_ESCO_MASK);
3230 hci_setup_sync(conn, conn->link->handle);
3231 goto unlock;
3232 }
3233 /* fall through */
3234
3235 default:
3236 conn->state = BT_CLOSED;
3237 break;
3238 }
3239
3240 hci_proto_connect_cfm(conn, ev->status);
3241 if (ev->status)
3242 hci_conn_del(conn);
3243
3244unlock:
3245 hci_dev_unlock(hdev);
3246}
3247
3248static void hci_sync_conn_changed_evt(struct hci_dev *hdev, struct sk_buff *skb)
3249{
3250 BT_DBG("%s", hdev->name);
3251}
3252
3253static void hci_sniff_subrate_evt(struct hci_dev *hdev, struct sk_buff *skb)
3254{
3255 struct hci_ev_sniff_subrate *ev = (void *) skb->data;
3256
3257 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3258}
3259
3260static void hci_extended_inquiry_result_evt(struct hci_dev *hdev,
3261 struct sk_buff *skb)
3262{
3263 struct inquiry_data data;
3264 struct extended_inquiry_info *info = (void *) (skb->data + 1);
3265 int num_rsp = *((__u8 *) skb->data);
3266 size_t eir_len;
3267
3268 BT_DBG("%s num_rsp %d", hdev->name, num_rsp);
3269
3270 if (!num_rsp)
3271 return;
3272
3273 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags))
3274 return;
3275
3276 hci_dev_lock(hdev);
3277
3278 for (; num_rsp; num_rsp--, info++) {
3279 bool name_known, ssp;
3280
3281 bacpy(&data.bdaddr, &info->bdaddr);
3282 data.pscan_rep_mode = info->pscan_rep_mode;
3283 data.pscan_period_mode = info->pscan_period_mode;
3284 data.pscan_mode = 0x00;
3285 memcpy(data.dev_class, info->dev_class, 3);
3286 data.clock_offset = info->clock_offset;
3287 data.rssi = info->rssi;
3288 data.ssp_mode = 0x01;
3289
3290 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3291 name_known = eir_has_data_type(info->data,
3292 sizeof(info->data),
3293 EIR_NAME_COMPLETE);
3294 else
3295 name_known = true;
3296
3297 name_known = hci_inquiry_cache_update(hdev, &data, name_known,
3298 &ssp);
3299 eir_len = eir_get_length(info->data, sizeof(info->data));
3300 mgmt_device_found(hdev, &info->bdaddr, ACL_LINK, 0x00,
3301 info->dev_class, info->rssi, !name_known,
3302 ssp, info->data, eir_len);
3303 }
3304
3305 hci_dev_unlock(hdev);
3306}
3307
3308static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3309 struct sk_buff *skb)
3310{
3311 struct hci_ev_key_refresh_complete *ev = (void *) skb->data;
3312 struct hci_conn *conn;
3313
3314 BT_DBG("%s status 0x%2.2x handle 0x%4.4x", hdev->name, ev->status,
3315 __le16_to_cpu(ev->handle));
3316
3317 hci_dev_lock(hdev);
3318
3319 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3320 if (!conn)
3321 goto unlock;
3322
3323 if (!ev->status)
3324 conn->sec_level = conn->pending_sec_level;
3325
3326 clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
3327
3328 if (ev->status && conn->state == BT_CONNECTED) {
3329 hci_acl_disconn(conn, HCI_ERROR_AUTH_FAILURE);
3330 hci_conn_put(conn);
3331 goto unlock;
3332 }
3333
3334 if (conn->state == BT_CONFIG) {
3335 if (!ev->status)
3336 conn->state = BT_CONNECTED;
3337
3338 hci_proto_connect_cfm(conn, ev->status);
3339 hci_conn_put(conn);
3340 } else {
3341 hci_auth_cfm(conn, ev->status);
3342
3343 hci_conn_hold(conn);
3344 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3345 hci_conn_put(conn);
3346 }
3347
3348unlock:
3349 hci_dev_unlock(hdev);
3350}
3351
3352static u8 hci_get_auth_req(struct hci_conn *conn)
3353{
3354 /* If remote requests dedicated bonding follow that lead */
3355 if (conn->remote_auth == 0x02 || conn->remote_auth == 0x03) {
3356 /* If both remote and local IO capabilities allow MITM
3357 * protection then require it, otherwise don't */
3358 if (conn->remote_cap == 0x03 || conn->io_capability == 0x03)
3359 return 0x02;
3360 else
3361 return 0x03;
3362 }
3363
3364 /* If remote requests no-bonding follow that lead */
3365 if (conn->remote_auth == 0x00 || conn->remote_auth == 0x01)
3366 return conn->remote_auth | (conn->auth_type & 0x01);
3367
3368 return conn->auth_type;
3369}
3370
3371static void hci_io_capa_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3372{
3373 struct hci_ev_io_capa_request *ev = (void *) skb->data;
3374 struct hci_conn *conn;
3375
3376 BT_DBG("%s", hdev->name);
3377
3378 hci_dev_lock(hdev);
3379
3380 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3381 if (!conn)
3382 goto unlock;
3383
3384 hci_conn_hold(conn);
3385
3386 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3387 goto unlock;
3388
3389 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags) ||
3390 (conn->remote_auth & ~0x01) == HCI_AT_NO_BONDING) {
3391 struct hci_cp_io_capability_reply cp;
3392
3393 bacpy(&cp.bdaddr, &ev->bdaddr);
3394 /* Change the IO capability from KeyboardDisplay
3395 * to DisplayYesNo as it is not supported by BT spec. */
3396 cp.capability = (conn->io_capability == 0x04) ?
3397 0x01 : conn->io_capability;
3398 conn->auth_type = hci_get_auth_req(conn);
3399 cp.authentication = conn->auth_type;
3400
3401 if (hci_find_remote_oob_data(hdev, &conn->dst) &&
3402 (conn->out || test_bit(HCI_CONN_REMOTE_OOB, &conn->flags)))
3403 cp.oob_data = 0x01;
3404 else
3405 cp.oob_data = 0x00;
3406
3407 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_REPLY,
3408 sizeof(cp), &cp);
3409 } else {
3410 struct hci_cp_io_capability_neg_reply cp;
3411
3412 bacpy(&cp.bdaddr, &ev->bdaddr);
3413 cp.reason = HCI_ERROR_PAIRING_NOT_ALLOWED;
3414
3415 hci_send_cmd(hdev, HCI_OP_IO_CAPABILITY_NEG_REPLY,
3416 sizeof(cp), &cp);
3417 }
3418
3419unlock:
3420 hci_dev_unlock(hdev);
3421}
3422
3423static void hci_io_capa_reply_evt(struct hci_dev *hdev, struct sk_buff *skb)
3424{
3425 struct hci_ev_io_capa_reply *ev = (void *) skb->data;
3426 struct hci_conn *conn;
3427
3428 BT_DBG("%s", hdev->name);
3429
3430 hci_dev_lock(hdev);
3431
3432 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3433 if (!conn)
3434 goto unlock;
3435
3436 conn->remote_cap = ev->capability;
3437 conn->remote_auth = ev->authentication;
3438 if (ev->oob_data)
3439 set_bit(HCI_CONN_REMOTE_OOB, &conn->flags);
3440
3441unlock:
3442 hci_dev_unlock(hdev);
3443}
3444
3445static void hci_user_confirm_request_evt(struct hci_dev *hdev,
3446 struct sk_buff *skb)
3447{
3448 struct hci_ev_user_confirm_req *ev = (void *) skb->data;
3449 int loc_mitm, rem_mitm, confirm_hint = 0;
3450 struct hci_conn *conn;
3451
3452 BT_DBG("%s", hdev->name);
3453
3454 hci_dev_lock(hdev);
3455
3456 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3457 goto unlock;
3458
3459 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3460 if (!conn)
3461 goto unlock;
3462
3463 loc_mitm = (conn->auth_type & 0x01);
3464 rem_mitm = (conn->remote_auth & 0x01);
3465
3466 /* If we require MITM but the remote device can't provide that
3467 * (it has NoInputNoOutput) then reject the confirmation
3468 * request. The only exception is when we're dedicated bonding
3469 * initiators (connect_cfm_cb set) since then we always have the MITM
3470 * bit set. */
3471 if (!conn->connect_cfm_cb && loc_mitm && conn->remote_cap == 0x03) {
3472 BT_DBG("Rejecting request: remote device can't provide MITM");
3473 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_NEG_REPLY,
3474 sizeof(ev->bdaddr), &ev->bdaddr);
3475 goto unlock;
3476 }
3477
3478 /* If no side requires MITM protection; auto-accept */
3479 if ((!loc_mitm || conn->remote_cap == 0x03) &&
3480 (!rem_mitm || conn->io_capability == 0x03)) {
3481
3482 /* If we're not the initiators request authorization to
3483 * proceed from user space (mgmt_user_confirm with
3484 * confirm_hint set to 1). */
3485 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
3486 BT_DBG("Confirming auto-accept as acceptor");
3487 confirm_hint = 1;
3488 goto confirm;
3489 }
3490
3491 BT_DBG("Auto-accept of user confirmation with %ums delay",
3492 hdev->auto_accept_delay);
3493
3494 if (hdev->auto_accept_delay > 0) {
3495 int delay = msecs_to_jiffies(hdev->auto_accept_delay);
3496 mod_timer(&conn->auto_accept_timer, jiffies + delay);
3497 goto unlock;
3498 }
3499
3500 hci_send_cmd(hdev, HCI_OP_USER_CONFIRM_REPLY,
3501 sizeof(ev->bdaddr), &ev->bdaddr);
3502 goto unlock;
3503 }
3504
3505confirm:
3506 mgmt_user_confirm_request(hdev, &ev->bdaddr, ACL_LINK, 0, ev->passkey,
3507 confirm_hint);
3508
3509unlock:
3510 hci_dev_unlock(hdev);
3511}
3512
3513static void hci_user_passkey_request_evt(struct hci_dev *hdev,
3514 struct sk_buff *skb)
3515{
3516 struct hci_ev_user_passkey_req *ev = (void *) skb->data;
3517
3518 BT_DBG("%s", hdev->name);
3519
3520 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3521 mgmt_user_passkey_request(hdev, &ev->bdaddr, ACL_LINK, 0);
3522}
3523
3524static void hci_user_passkey_notify_evt(struct hci_dev *hdev,
3525 struct sk_buff *skb)
3526{
3527 struct hci_ev_user_passkey_notify *ev = (void *) skb->data;
3528 struct hci_conn *conn;
3529
3530 BT_DBG("%s", hdev->name);
3531
3532 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3533 if (!conn)
3534 return;
3535
3536 conn->passkey_notify = __le32_to_cpu(ev->passkey);
3537 conn->passkey_entered = 0;
3538
3539 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3540 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3541 conn->dst_type, conn->passkey_notify,
3542 conn->passkey_entered);
3543}
3544
3545static void hci_keypress_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
3546{
3547 struct hci_ev_keypress_notify *ev = (void *) skb->data;
3548 struct hci_conn *conn;
3549
3550 BT_DBG("%s", hdev->name);
3551
3552 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3553 if (!conn)
3554 return;
3555
3556 switch (ev->type) {
3557 case HCI_KEYPRESS_STARTED:
3558 conn->passkey_entered = 0;
3559 return;
3560
3561 case HCI_KEYPRESS_ENTERED:
3562 conn->passkey_entered++;
3563 break;
3564
3565 case HCI_KEYPRESS_ERASED:
3566 conn->passkey_entered--;
3567 break;
3568
3569 case HCI_KEYPRESS_CLEARED:
3570 conn->passkey_entered = 0;
3571 break;
3572
3573 case HCI_KEYPRESS_COMPLETED:
3574 return;
3575 }
3576
3577 if (test_bit(HCI_MGMT, &hdev->dev_flags))
3578 mgmt_user_passkey_notify(hdev, &conn->dst, conn->type,
3579 conn->dst_type, conn->passkey_notify,
3580 conn->passkey_entered);
3581}
3582
3583static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3584 struct sk_buff *skb)
3585{
3586 struct hci_ev_simple_pair_complete *ev = (void *) skb->data;
3587 struct hci_conn *conn;
3588
3589 BT_DBG("%s", hdev->name);
3590
3591 hci_dev_lock(hdev);
3592
3593 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3594 if (!conn)
3595 goto unlock;
3596
3597 /* To avoid duplicate auth_failed events to user space we check
3598 * the HCI_CONN_AUTH_PEND flag which will be set if we
3599 * initiated the authentication. A traditional auth_complete
3600 * event gets always produced as initiator and is also mapped to
3601 * the mgmt_auth_failed event */
3602 if (!test_bit(HCI_CONN_AUTH_PEND, &conn->flags) && ev->status)
3603 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3604 ev->status);
3605
3606 hci_conn_put(conn);
3607
3608unlock:
3609 hci_dev_unlock(hdev);
3610}
3611
3612static void hci_remote_host_features_evt(struct hci_dev *hdev,
3613 struct sk_buff *skb)
3614{
3615 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3616 struct inquiry_entry *ie;
3617
3618 BT_DBG("%s", hdev->name);
3619
3620 hci_dev_lock(hdev);
3621
3622 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3623 if (ie)
3624 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
3625
3626 hci_dev_unlock(hdev);
3627}
3628
3629static void hci_remote_oob_data_request_evt(struct hci_dev *hdev,
3630 struct sk_buff *skb)
3631{
3632 struct hci_ev_remote_oob_data_request *ev = (void *) skb->data;
3633 struct oob_data *data;
3634
3635 BT_DBG("%s", hdev->name);
3636
3637 hci_dev_lock(hdev);
3638
3639 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
3640 goto unlock;
3641
3642 data = hci_find_remote_oob_data(hdev, &ev->bdaddr);
3643 if (data) {
3644 struct hci_cp_remote_oob_data_reply cp;
3645
3646 bacpy(&cp.bdaddr, &ev->bdaddr);
3647 memcpy(cp.hash, data->hash, sizeof(cp.hash));
3648 memcpy(cp.randomizer, data->randomizer, sizeof(cp.randomizer));
3649
3650 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_REPLY, sizeof(cp),
3651 &cp);
3652 } else {
3653 struct hci_cp_remote_oob_data_neg_reply cp;
3654
3655 bacpy(&cp.bdaddr, &ev->bdaddr);
3656 hci_send_cmd(hdev, HCI_OP_REMOTE_OOB_DATA_NEG_REPLY, sizeof(cp),
3657 &cp);
3658 }
3659
3660unlock:
3661 hci_dev_unlock(hdev);
3662}
3663
3664static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3665 struct sk_buff *skb)
3666{
3667 struct hci_ev_phy_link_complete *ev = (void *) skb->data;
3668 struct hci_conn *hcon, *bredr_hcon;
3669
3670 BT_DBG("%s handle 0x%2.2x status 0x%2.2x", hdev->name, ev->phy_handle,
3671 ev->status);
3672
3673 hci_dev_lock(hdev);
3674
3675 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3676 if (!hcon) {
3677 hci_dev_unlock(hdev);
3678 return;
3679 }
3680
3681 if (ev->status) {
3682 hci_conn_del(hcon);
3683 hci_dev_unlock(hdev);
3684 return;
3685 }
3686
3687 bredr_hcon = hcon->amp_mgr->l2cap_conn->hcon;
3688
3689 hcon->state = BT_CONNECTED;
3690 bacpy(&hcon->dst, &bredr_hcon->dst);
3691
3692 hci_conn_hold(hcon);
3693 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3694 hci_conn_put(hcon);
3695
3696 hci_conn_hold_device(hcon);
3697 hci_conn_add_sysfs(hcon);
3698
3699 hci_dev_unlock(hdev);
3700
3701 if (hcon->out) {
3702 struct hci_dev *bredr_hdev = hci_dev_hold(bredr_hcon->hdev);
3703
3704 if (!bredr_hdev)
3705 return;
3706
3707 /* Placeholder - create chan req
3708 l2cap_chan_create_cfm(bredr_hcon, hcon->remote_id);
3709 */
3710
3711 hci_dev_put(bredr_hdev);
3712 }
3713}
3714
3715static void hci_loglink_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3716{
3717 struct hci_ev_logical_link_complete *ev = (void *) skb->data;
3718 struct hci_conn *hcon;
3719 struct hci_chan *hchan;
3720 struct amp_mgr *mgr;
3721
3722 BT_DBG("%s log_handle 0x%4.4x phy_handle 0x%2.2x status 0x%2.2x",
3723 hdev->name, le16_to_cpu(ev->handle), ev->phy_handle,
3724 ev->status);
3725
3726 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3727 if (!hcon)
3728 return;
3729
3730 /* Create AMP hchan */
3731 hchan = hci_chan_create(hcon);
3732 if (!hchan)
3733 return;
3734
3735 hchan->handle = le16_to_cpu(ev->handle);
3736
3737 BT_DBG("hcon %p mgr %p hchan %p", hcon, hcon->amp_mgr, hchan);
3738
3739 mgr = hcon->amp_mgr;
3740 if (mgr && mgr->bredr_chan) {
3741 struct l2cap_chan *bredr_chan = mgr->bredr_chan;
3742
3743 l2cap_chan_lock(bredr_chan);
3744
3745 bredr_chan->conn->mtu = hdev->block_mtu;
3746 l2cap_logical_cfm(bredr_chan, hchan, 0);
3747 hci_conn_hold(hcon);
3748
3749 l2cap_chan_unlock(bredr_chan);
3750 }
3751}
3752
3753static void hci_disconn_loglink_complete_evt(struct hci_dev *hdev,
3754 struct sk_buff *skb)
3755{
3756 struct hci_ev_disconn_logical_link_complete *ev = (void *) skb->data;
3757 struct hci_chan *hchan;
3758
3759 BT_DBG("%s log handle 0x%4.4x status 0x%2.2x", hdev->name,
3760 le16_to_cpu(ev->handle), ev->status);
3761
3762 if (ev->status)
3763 return;
3764
3765 hci_dev_lock(hdev);
3766
3767 hchan = hci_chan_lookup_handle(hdev, le16_to_cpu(ev->handle));
3768 if (!hchan)
3769 goto unlock;
3770
3771 amp_destroy_logical_link(hchan, ev->reason);
3772
3773unlock:
3774 hci_dev_unlock(hdev);
3775}
3776
3777static void hci_disconn_phylink_complete_evt(struct hci_dev *hdev,
3778 struct sk_buff *skb)
3779{
3780 struct hci_ev_disconn_phy_link_complete *ev = (void *) skb->data;
3781 struct hci_conn *hcon;
3782
3783 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3784
3785 if (ev->status)
3786 return;
3787
3788 hci_dev_lock(hdev);
3789
3790 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3791 if (hcon) {
3792 hcon->state = BT_CLOSED;
3793 hci_conn_del(hcon);
3794 }
3795
3796 hci_dev_unlock(hdev);
3797}
3798
3799static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3800{
3801 struct hci_ev_le_conn_complete *ev = (void *) skb->data;
3802 struct hci_conn *conn;
3803
3804 BT_DBG("%s status 0x%2.2x", hdev->name, ev->status);
3805
3806 hci_dev_lock(hdev);
3807
3808 conn = hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT);
3809 if (!conn) {
3810 conn = hci_conn_add(hdev, LE_LINK, &ev->bdaddr);
3811 if (!conn) {
3812 BT_ERR("No memory for new connection");
3813 goto unlock;
3814 }
3815
3816 conn->dst_type = ev->bdaddr_type;
3817
3818 if (ev->role == LE_CONN_ROLE_MASTER) {
3819 conn->out = true;
3820 conn->link_mode |= HCI_LM_MASTER;
3821 }
3822 }
3823
3824 if (ev->status) {
3825 mgmt_connect_failed(hdev, &conn->dst, conn->type,
3826 conn->dst_type, ev->status);
3827 hci_proto_connect_cfm(conn, ev->status);
3828 conn->state = BT_CLOSED;
3829 hci_conn_del(conn);
3830 goto unlock;
3831 }
3832
3833 if (!test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &conn->flags))
3834 mgmt_device_connected(hdev, &ev->bdaddr, conn->type,
3835 conn->dst_type, 0, NULL, 0, NULL);
3836
3837 conn->sec_level = BT_SECURITY_LOW;
3838 conn->handle = __le16_to_cpu(ev->handle);
3839 conn->state = BT_CONNECTED;
3840
3841 hci_conn_hold_device(conn);
3842 hci_conn_add_sysfs(conn);
3843
3844 hci_proto_connect_cfm(conn, ev->status);
3845
3846unlock:
3847 hci_dev_unlock(hdev);
3848}
3849
3850static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
3851{
3852 u8 num_reports = skb->data[0];
3853 void *ptr = &skb->data[1];
3854 s8 rssi;
3855
3856 hci_dev_lock(hdev);
3857
3858 while (num_reports--) {
3859 struct hci_ev_le_advertising_info *ev = ptr;
3860
3861 rssi = ev->data[ev->length];
3862 mgmt_device_found(hdev, &ev->bdaddr, LE_LINK, ev->bdaddr_type,
3863 NULL, rssi, 0, 1, ev->data, ev->length);
3864
3865 ptr += sizeof(*ev) + ev->length + 1;
3866 }
3867
3868 hci_dev_unlock(hdev);
3869}
3870
3871static void hci_le_ltk_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
3872{
3873 struct hci_ev_le_ltk_req *ev = (void *) skb->data;
3874 struct hci_cp_le_ltk_reply cp;
3875 struct hci_cp_le_ltk_neg_reply neg;
3876 struct hci_conn *conn;
3877 struct smp_ltk *ltk;
3878
3879 BT_DBG("%s handle 0x%4.4x", hdev->name, __le16_to_cpu(ev->handle));
3880
3881 hci_dev_lock(hdev);
3882
3883 conn = hci_conn_hash_lookup_handle(hdev, __le16_to_cpu(ev->handle));
3884 if (conn == NULL)
3885 goto not_found;
3886
3887 ltk = hci_find_ltk(hdev, ev->ediv, ev->random);
3888 if (ltk == NULL)
3889 goto not_found;
3890
3891 memcpy(cp.ltk, ltk->val, sizeof(ltk->val));
3892 cp.handle = cpu_to_le16(conn->handle);
3893
3894 if (ltk->authenticated)
3895 conn->sec_level = BT_SECURITY_HIGH;
3896
3897 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp);
3898
3899 if (ltk->type & HCI_SMP_STK) {
3900 list_del(&ltk->list);
3901 kfree(ltk);
3902 }
3903
3904 hci_dev_unlock(hdev);
3905
3906 return;
3907
3908not_found:
3909 neg.handle = ev->handle;
3910 hci_send_cmd(hdev, HCI_OP_LE_LTK_NEG_REPLY, sizeof(neg), &neg);
3911 hci_dev_unlock(hdev);
3912}
3913
3914static void hci_le_meta_evt(struct hci_dev *hdev, struct sk_buff *skb)
3915{
3916 struct hci_ev_le_meta *le_ev = (void *) skb->data;
3917
3918 skb_pull(skb, sizeof(*le_ev));
3919
3920 switch (le_ev->subevent) {
3921 case HCI_EV_LE_CONN_COMPLETE:
3922 hci_le_conn_complete_evt(hdev, skb);
3923 break;
3924
3925 case HCI_EV_LE_ADVERTISING_REPORT:
3926 hci_le_adv_report_evt(hdev, skb);
3927 break;
3928
3929 case HCI_EV_LE_LTK_REQ:
3930 hci_le_ltk_request_evt(hdev, skb);
3931 break;
3932
3933 default:
3934 break;
3935 }
3936}
3937
3938static void hci_chan_selected_evt(struct hci_dev *hdev, struct sk_buff *skb)
3939{
3940 struct hci_ev_channel_selected *ev = (void *) skb->data;
3941 struct hci_conn *hcon;
3942
3943 BT_DBG("%s handle 0x%2.2x", hdev->name, ev->phy_handle);
3944
3945 skb_pull(skb, sizeof(*ev));
3946
3947 hcon = hci_conn_hash_lookup_handle(hdev, ev->phy_handle);
3948 if (!hcon)
3949 return;
3950
3951 amp_read_loc_assoc_final_data(hdev, hcon);
3952}
3953
3954void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3955{
3956 struct hci_event_hdr *hdr = (void *) skb->data;
3957 __u8 event = hdr->evt;
3958
3959 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3960
3961 switch (event) {
3962 case HCI_EV_INQUIRY_COMPLETE:
3963 hci_inquiry_complete_evt(hdev, skb);
3964 break;
3965
3966 case HCI_EV_INQUIRY_RESULT:
3967 hci_inquiry_result_evt(hdev, skb);
3968 break;
3969
3970 case HCI_EV_CONN_COMPLETE:
3971 hci_conn_complete_evt(hdev, skb);
3972 break;
3973
3974 case HCI_EV_CONN_REQUEST:
3975 hci_conn_request_evt(hdev, skb);
3976 break;
3977
3978 case HCI_EV_DISCONN_COMPLETE:
3979 hci_disconn_complete_evt(hdev, skb);
3980 break;
3981
3982 case HCI_EV_AUTH_COMPLETE:
3983 hci_auth_complete_evt(hdev, skb);
3984 break;
3985
3986 case HCI_EV_REMOTE_NAME:
3987 hci_remote_name_evt(hdev, skb);
3988 break;
3989
3990 case HCI_EV_ENCRYPT_CHANGE:
3991 hci_encrypt_change_evt(hdev, skb);
3992 break;
3993
3994 case HCI_EV_CHANGE_LINK_KEY_COMPLETE:
3995 hci_change_link_key_complete_evt(hdev, skb);
3996 break;
3997
3998 case HCI_EV_REMOTE_FEATURES:
3999 hci_remote_features_evt(hdev, skb);
4000 break;
4001
4002 case HCI_EV_REMOTE_VERSION:
4003 hci_remote_version_evt(hdev, skb);
4004 break;
4005
4006 case HCI_EV_QOS_SETUP_COMPLETE:
4007 hci_qos_setup_complete_evt(hdev, skb);
4008 break;
4009
4010 case HCI_EV_CMD_COMPLETE:
4011 hci_cmd_complete_evt(hdev, skb);
4012 break;
4013
4014 case HCI_EV_CMD_STATUS:
4015 hci_cmd_status_evt(hdev, skb);
4016 break;
4017
4018 case HCI_EV_ROLE_CHANGE:
4019 hci_role_change_evt(hdev, skb);
4020 break;
4021
4022 case HCI_EV_NUM_COMP_PKTS:
4023 hci_num_comp_pkts_evt(hdev, skb);
4024 break;
4025
4026 case HCI_EV_MODE_CHANGE:
4027 hci_mode_change_evt(hdev, skb);
4028 break;
4029
4030 case HCI_EV_PIN_CODE_REQ:
4031 hci_pin_code_request_evt(hdev, skb);
4032 break;
4033
4034 case HCI_EV_LINK_KEY_REQ:
4035 hci_link_key_request_evt(hdev, skb);
4036 break;
4037
4038 case HCI_EV_LINK_KEY_NOTIFY:
4039 hci_link_key_notify_evt(hdev, skb);
4040 break;
4041
4042 case HCI_EV_CLOCK_OFFSET:
4043 hci_clock_offset_evt(hdev, skb);
4044 break;
4045
4046 case HCI_EV_PKT_TYPE_CHANGE:
4047 hci_pkt_type_change_evt(hdev, skb);
4048 break;
4049
4050 case HCI_EV_PSCAN_REP_MODE:
4051 hci_pscan_rep_mode_evt(hdev, skb);
4052 break;
4053
4054 case HCI_EV_INQUIRY_RESULT_WITH_RSSI:
4055 hci_inquiry_result_with_rssi_evt(hdev, skb);
4056 break;
4057
4058 case HCI_EV_REMOTE_EXT_FEATURES:
4059 hci_remote_ext_features_evt(hdev, skb);
4060 break;
4061
4062 case HCI_EV_SYNC_CONN_COMPLETE:
4063 hci_sync_conn_complete_evt(hdev, skb);
4064 break;
4065
4066 case HCI_EV_SYNC_CONN_CHANGED:
4067 hci_sync_conn_changed_evt(hdev, skb);
4068 break;
4069
4070 case HCI_EV_SNIFF_SUBRATE:
4071 hci_sniff_subrate_evt(hdev, skb);
4072 break;
4073
4074 case HCI_EV_EXTENDED_INQUIRY_RESULT:
4075 hci_extended_inquiry_result_evt(hdev, skb);
4076 break;
4077
4078 case HCI_EV_KEY_REFRESH_COMPLETE:
4079 hci_key_refresh_complete_evt(hdev, skb);
4080 break;
4081
4082 case HCI_EV_IO_CAPA_REQUEST:
4083 hci_io_capa_request_evt(hdev, skb);
4084 break;
4085
4086 case HCI_EV_IO_CAPA_REPLY:
4087 hci_io_capa_reply_evt(hdev, skb);
4088 break;
4089
4090 case HCI_EV_USER_CONFIRM_REQUEST:
4091 hci_user_confirm_request_evt(hdev, skb);
4092 break;
4093
4094 case HCI_EV_USER_PASSKEY_REQUEST:
4095 hci_user_passkey_request_evt(hdev, skb);
4096 break;
4097
4098 case HCI_EV_USER_PASSKEY_NOTIFY:
4099 hci_user_passkey_notify_evt(hdev, skb);
4100 break;
4101
4102 case HCI_EV_KEYPRESS_NOTIFY:
4103 hci_keypress_notify_evt(hdev, skb);
4104 break;
4105
4106 case HCI_EV_SIMPLE_PAIR_COMPLETE:
4107 hci_simple_pair_complete_evt(hdev, skb);
4108 break;
4109
4110 case HCI_EV_REMOTE_HOST_FEATURES:
4111 hci_remote_host_features_evt(hdev, skb);
4112 break;
4113
4114 case HCI_EV_LE_META:
4115 hci_le_meta_evt(hdev, skb);
4116 break;
4117
4118 case HCI_EV_CHANNEL_SELECTED:
4119 hci_chan_selected_evt(hdev, skb);
4120 break;
4121
4122 case HCI_EV_REMOTE_OOB_DATA_REQUEST:
4123 hci_remote_oob_data_request_evt(hdev, skb);
4124 break;
4125
4126 case HCI_EV_PHY_LINK_COMPLETE:
4127 hci_phy_link_complete_evt(hdev, skb);
4128 break;
4129
4130 case HCI_EV_LOGICAL_LINK_COMPLETE:
4131 hci_loglink_complete_evt(hdev, skb);
4132 break;
4133
4134 case HCI_EV_DISCONN_LOGICAL_LINK_COMPLETE:
4135 hci_disconn_loglink_complete_evt(hdev, skb);
4136 break;
4137
4138 case HCI_EV_DISCONN_PHY_LINK_COMPLETE:
4139 hci_disconn_phylink_complete_evt(hdev, skb);
4140 break;
4141
4142 case HCI_EV_NUM_COMP_BLOCKS:
4143 hci_num_comp_blocks_evt(hdev, skb);
4144 break;
4145
4146 default:
4147 BT_DBG("%s event 0x%2.2x", hdev->name, event);
4148 break;
4149 }
4150
4151 kfree_skb(skb);
4152 hdev->stat.evt_rx++;
4153}
Linux kernel - Deliverables
This page took 0.737837 seconds and 5 git commands to generate.